/frida-android-helper

Frida Android utilities

Primary LanguagePythonMIT LicenseMIT

Frida Android Helper

preview

Several handy commands to facilitate common Android pentesting tasks.

It uses pure-python-adb to interface with the ADB server.

Prerequisites

  • Python 3
  • ADB
  • Rooted Android phone

Installation

  1. Clone the repository: git clone https://github.com/Hamz-a/frida-android-helper
  2. Install python3 setup.py install

Usage

Commands are self explanatory. Ask for help fah --help.

Frida-server management

  • Start the frida-server fah server start
  • Stop the frida-server fah server stop
  • Reboot the frida-server fah server reboot
  • Update the frida-server fah server update: The latest Android frida-server is fetched from GitHub release page using the GitHub API. This is then installed on the Android device using fah server update command.

Android proxy configuration

  • Enable proxy:
    • fah proxy: will automatically select an IP address from your PC, default port 8080
    • fah proxy enable: same as above
    • fah proxy enable 192.168.137.137: specify IP address, default port 8080
    • fah proxy enable 192.168.137.137 8888: specify IP address and port
  • Disable proxy fah proxy disable
  • Get current proxy settings fah proxy get

Android proxy via reverse tethering configuration

Route traffic by performing adb reverse and a few iptables rules:

  1. Connect your Android mobile device via USB
  2. Setup an intercepting proxy (ex: Burp)
  3. Configure intercepting proxy to use transparent proxy
  4. Connect to random wifi hotspot on Android device
  • Enable rproxy:
    • fah rproxy: will use default port 8844
    • fah rproxy enable: same as above
    • fah rproxy enable 8888: specify port
  • Disable rproxy:
    • fah rproxy disable: will use default port 8844
    • fah rproxy disable 8888: specify port

Android screenshot

  • fah screen: take a screenshot with the following format deviceID_%Y.%m.%d_%H.%M.%S.png
    • fah screen filename: take a screenshot with the following format: deviceID_filename.png

Android disk snapshot

  • fah snap: take a disk snapshot of the current open app
    • fah snap com.example.app: take a disk snapshot of com.example.app app

Android certificate creation & installation for mitm purposes

  • fah cert: generate a custom CA certificate to be imported in burp & device
    • fah cert generate: same as above
    • fah cert install: install specified certificate on device
    • fah cert setup: generate and install certificate (above commands combined)

Android app

  • fah app: try to download the currently opened app
    • fah app dl: same as above
    • fah app dl <filter>: list apps by filter and download them
  • fah app list: list installed app on Android device.

Android clipboard

  • fah clip: display content of clipboard
    • fah clip copy: same as above
    • fah clip paste foo bar: set the content of the clipboard to foo bar

Android processes

  • fah ps: list apps/processes
    • fah ps foobar: same as above but filter on foobar

Ideas & bugs

Ideas and bug reports are welcome!