Some useful FRIDA javascript tools for mobile security analysis (some are also shared on: https://codeshare.frida.re/), these scripts have been tested only on devices (it is not guaranteed that they work on emulators):
Script to bypass multiple certificate pinning checks in Android apps:
Script to bypass certificate pinning check implemented with a recursive TrustManager in Android apps:
Script to bypass network security config pinning check in Android apps (inspired by other similar scripts as https://research.nccgroup.com/2017/11/03/bypassing-androids-network-security-configuration/
and https://cmrodriguez.me/blog/nsc-bypass/
):
Script to analyze the calls to Android Keystore performed by Android apps:
- Copyright (c) 2019
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/