From 5ca233985bd54a7d2919be5cdfa2b655a9a61c68 Mon Sep 17 00:00:00 2001 From: Alexandre Paiva Date: Tue, 23 Jan 2024 13:59:38 +0000 Subject: [PATCH 1/2] Updated ReadMe file for better understanding --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d8da560..2660ee3 100644 --- a/README.md +++ b/README.md 
@@ -18,12 +18,12 @@ To get started: 1. Start your MitM proxy (e.g. [HTTP Toolkit](https://httptoolkit.com/android/)), and set up your rooted Android device or emulator, connected to ADB. 2. Find your MitM proxy's port (e.g. 8000) and its CA certificate in PEM format (should start with `-----BEGIN CERTIFICATE-----`). In HTTP Toolkit, both details can be found in the 'Anything' option on the Intercept page. 3. Open `config.js`, and add those details: - * `CERT_PEM`: your CA certificate in PEM format + * `CERT_PEM`: your CA certificate in PEM format (Open with a text editor to extract the information) * `PROXY_PORT`: the proxy's port * `PROXY_HOST`: the address of your proxy, from the perspective of your device (or use `adb reverse tcp:$PORT tcp:$PORT` to forward the port over ADB, and use `127.0.0.1` as the host) -4. Install & start Frida on your device (e.g. download the relevant server from [github.com/frida/frida](https://github.com/frida/frida/releases/latest), extract it, `adb push` it to your device, and then run it with `adb shell`, `su`, `chmod +x /.../frida-server`, `/.../frida-server`). +4. Install & start Frida on your device (e.g. download the relevant server (frida-server) from [github.com/frida/frida](https://github.com/frida/frida/releases/latest), extract it, `adb push` it to your device (ensure device is on and connected via ADB), and then run it with the following 4 commands: `adb shell`, `su` (Here you get super user (root) permissions, run `whoami` to check if you are root or not, if you are not root it will not work), `chmod +x /.../frida-server`, `/.../frida-server`). 5. Find the package id for the app you're interested in (for a quick test, try using [github.com/httptoolkit/android-ssl-pinning-demo](https://github.com/httptoolkit/android-ssl-pinning-demo) - the package id is `tech.httptoolkit.pinning_demo`) -6. Use Frida to launch the app you're interested in with the scripts injected (starting with `config.js`). 
Which scripts to use is up to you, but for Android a good command to start with is: +6. Use Frida to launch the app you're interested in with the scripts injected (starting with `config.js`). Which scripts to use is up to you, but for Android a good command to start with is (if you are on Linux): ```bash frida -U \ -l ./config.js \ From 6e99adad29346e217f77c46786ce79c48525286a Mon Sep 17 00:00:00 2001 From: Tim Perry Date: Wed, 24 Jan 2024 17:08:08 +0100 Subject: [PATCH 2/2] Format extra README details a little for clarity --- README.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2660ee3..b265a81 100644 --- a/README.md +++ b/README.md 
@@ -16,12 +16,17 @@ The scripts can automatically handle: To get started: 1. Start your MitM proxy (e.g. [HTTP Toolkit](https://httptoolkit.com/android/)), and set up your rooted Android device or emulator, connected to ADB. -2. Find your MitM proxy's port (e.g. 8000) and its CA certificate in PEM format (should start with `-----BEGIN CERTIFICATE-----`). In HTTP Toolkit, both details can be found in the 'Anything' option on the Intercept page. +2. Find your MitM proxy's port (e.g. 8000) and its CA certificate in PEM format + * The CA certificate should start with `-----BEGIN CERTIFICATE-----`. You can open it with a text editor to see and extract this content. + * In HTTP Toolkit, both details can be found in the 'Anything' option on the Intercept page. 3. Open `config.js`, and add those details: - * `CERT_PEM`: your CA certificate in PEM format (Open with a text editor to extract the information) + * `CERT_PEM`: your CA certificate in PEM format. * `PROXY_PORT`: the proxy's port * `PROXY_HOST`: the address of your proxy, from the perspective of your device (or use `adb reverse tcp:$PORT tcp:$PORT` to forward the port over ADB, and use `127.0.0.1` as the host) -4. Install & start Frida on your device (e.g. download the relevant server (frida-server) from [github.com/frida/frida](https://github.com/frida/frida/releases/latest), extract it, `adb push` it to your device (ensure device is on and connected via ADB), and then run it with the following 4 commands: `adb shell`, `su` (Here you get super user (root) permissions, run `whoami` to check if you are root or not, if you are not root it will not work), `chmod +x /.../frida-server`, `/.../frida-server`). +4. Install & start Frida on your device + * The steps here may depend on your specific device & configuration. 
+ * For example: download the relevant `frida-server` from [github.com/frida/frida](https://github.com/frida/frida/releases/latest), extract it, `adb push` it to your device, and then run it with the following 4 commands: `adb shell`, `su`, `chmod +x /.../frida-server`, `/.../frida-server`. + * If you have issues, remember to check the device is on & connected (using `adb devices`) before running commands. Note that Frida will only run on the device as root, which is what `su` provides in the example above, when run on a rooted device. To check you are root after running `su` or similar, check that running `whoami` in the shell prints `root`. 5. Find the package id for the app you're interested in (for a quick test, try using [github.com/httptoolkit/android-ssl-pinning-demo](https://github.com/httptoolkit/android-ssl-pinning-demo) - the package id is `tech.httptoolkit.pinning_demo`) 6. Use Frida to launch the app you're interested in with the scripts injected (starting with `config.js`). Which scripts to use is up to you, but for Android a good command to start with is (if you are on Linux): ```bash
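Review bot: In the first hunk (PATCH 1/2), the rewritten step 4 nests a parenthetical inside a parenthetical ("`su` (Here you get super user (root) permissions, run `whoami` to check ... if you are not root it will not work)"), which makes the four commands hard to pick out from the explanation; suggest listing the commands plainly and moving the root check into its own sentence after them, e.g. "After `su`, run `whoami` and confirm it prints `root`; frida-server will not work otherwise." The "(if you are on Linux)" qualifier added to step 6 is also misleading as written: what is shell-specific in the ```bash block is the backslash line continuation, not `frida -U` itself, which is run from the host on other operating systems too, so say that explicitly (e.g. "using bash line continuation; join onto one line in other shells") rather than implying the command only applies on Linux.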
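Review bot: In the second hunk (PATCH 2/2), the step 2 sub-bullet "You can open it with a text editor to see and extract this content" still leaves unclear how much of the file goes into `CERT_PEM`; suggest stating that the whole block from `-----BEGIN CERTIFICATE-----` through `-----END CERTIFICATE-----` is pasted, and only that block, because a PEM file exported by a proxy can also carry a `-----BEGIN PRIVATE KEY-----` block, and the CA's private key should never end up in `config.js` or on the device. The `/.../frida-server` placeholder in `chmod +x /.../frida-server` and `/.../frida-server` is still unexplained in step 4; add a clause that `/...` stands for the directory `adb push` wrote the binary to, so readers do not type it literally. Finally, the last sub-bullet of step 4 runs the `adb devices` connectivity check and the `su`/`whoami` root check together in one long sentence; splitting them into two sub-bullets would match the bulleted style this hunk introduces.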