A well-liked dynamic instrumentation tool called Frida can be used to carry out a variety of security testing tasks. It enables programmers and security experts to examine and alter the behavior of apps operating on mobile devices, desktop computers, and servers.
There are several reasons why Frida is useful in Android or iOS app Pentesting or bug bounty hunting:-
- Reverse engineering: Frida allows testers to reverse engineer and analyze the behavior of Android apps, which can help identify vulnerabilities and weaknesses.
- Intercepting function calls: Frida can be used to intercept function calls made by the application, allowing testers to modify the behavior of the application or analyze the data that is being passed between functions.
- Bypassing security measures: Frida can be used to bypass security measures implemented by the app, such as SSL pinning or root detection.
- Automating testing: Frida can be used to automate testing tasks, allowing testers to quickly and easily test multiple scenarios.
In this blog post, we will discuss how to set up Frida on an emulator to perform dynamic instrumentation on Android applications.
Step 1: Setting up the Android emulator
To get started, you will need to set up an Android emulator on your computer. You can use any emulator, such as the Android Studio emulator, Genymotion, or Bluestacks. Ensure that you have the emulator installed and running before proceeding.
Step 2: Installing Frida on the emulator
Next, you need to install Frida on the emulator. To do this, you will need to have the Frida tools installed on your computer.
- Download the Frida server for Android from the Frida website.
- Download the server version after checking the emulator architecture supported type as our emulator supports x84_64 type so we will download similar frida-server image from the above link.
C:\ adb shell getprop ro.product.cpu.abilist
- Open a terminal window on your computer and navigate to the directory where the Frida server was downloaded.
- Start the Android emulator by running the emulator command from the terminal.
- In the same terminal window, use the adb command to push the Frida server to the emulator:
adb push frida-server-16.0.10-android-x86 /data/local/tmp/frida-server
Note that the file name may be different depending on the version of Frida you downloaded.
- Make the Frida server executable by running the following command
adb shell "chmod 755 /data/local/tmp/frida-server"
- Start the Frida server on the emulator by running the following command:
adb shell "/data/local/tmp/frida-server &"
or One can directly navigate to the directory and run ./frida-server
This will start the Frida server in the background.
Step 3: Setting up the Frida client
Now that Frida is running on the emulator, you can set up the Frida client on your computer. The Frida client is a command-line tool that allows you to interact with the Frida server running on the emulator.
Make sure python3 is installed in your system.
- Install the Frida client on your computer by running the following command:
pip install frida-tools
pip install frida
- Test that the Frida client is working by running the following command:
frida-ps -U
This should display a list of running processes on the emulator.
Step 4: Instrumenting an Android application
To instrument an Android application using Frida, you will need to write a Frida script that modifies the behavior of the application. Here is a simple example of a Frida script that logs all method calls made by an application:
Java.perform(function () {
var cls = Java.use("com.example.MyApplication");
cls.onCreate.implementation = function () {
console.log("[*] onCreate() called");
this.onCreate();
};
});
Save this script to a file, such as script.js.
Install the application you want to instrument on the emulator.
Run the following command to attach Frida to the application:
frida -U com.example.MyApplication -l script.js --no-pause
Replace com.example.MyApplication
with the package name of the application you want to instrument.
Start using the application on the emulator. You should see log messages in the terminal window indicating when the onCreate method is called.
Conclusion:
Recognize that Frida is a strong instrument, so handle it with care and morality.
If you want me to write a blog post about using Frida and other techniques to evade SSL Pinning and Root detection separately, kindly let me know.
You can reach out to me on