Updated ReadMe file for better understanding #69

Merged
merged 2 commits into from
Jan 24, 2024
13 changes: 9 additions & 4 deletions README.md
Expand Up @@ -16,14 +16,19 @@ The scripts can automatically handle:
To get started:

1. Start your MitM proxy (e.g. [HTTP Toolkit](https://httptoolkit.com/android/)), and set up your rooted Android device or emulator, connected to ADB.
2. Find your MitM proxy's port (e.g. 8000) and its CA certificate in PEM format (should start with `-----BEGIN CERTIFICATE-----`). In HTTP Toolkit, both details can be found in the 'Anything' option on the Intercept page.
2. Find your MitM proxy's port (e.g. 8000) and its CA certificate in PEM format
* The CA certificate should start with `-----BEGIN CERTIFICATE-----`. You can open it with a text editor to see and extract this content.
* In HTTP Toolkit, both details can be found in the 'Anything' option on the Intercept page.
3. Open `config.js`, and add those details:
* `CERT_PEM`: your CA certificate in PEM format
* `CERT_PEM`: your CA certificate in PEM format.
* `PROXY_PORT`: the proxy's port
* `PROXY_HOST`: the address of your proxy, from the perspective of your device (or use `adb reverse tcp:$PORT tcp:$PORT` to forward the port over ADB, and use `127.0.0.1` as the host)
4. Install & start Frida on your device (e.g. download the relevant server from [github.com/frida/frida](https://github.com/frida/frida/releases/latest), extract it, `adb push` it to your device, and then run it with `adb shell`, `su`, `chmod +x /.../frida-server`, `/.../frida-server`).
4. Install & start Frida on your device
* The steps here may depend on your specific device & configuration.
* For example: download the relevant `frida-server` from [github.com/frida/frida](https://github.com/frida/frida/releases/latest), extract it, `adb push` it to your device, and then run it with the following 4 commands: `adb shell`, `su`, `chmod +x /.../frida-server`, `/.../frida-server`.
* If you have issues, remember to check the device is on & connected (using `adb devices`) before running commands. Note that Frida will only run on the device as root, which is what `su` provides in the example above, when run on a rooted device. To check you are root after running `su` or similar, check that running `whoami` in the shell prints `root`.
5. Find the package id for the app you're interested in (for a quick test, try using [github.com/httptoolkit/android-ssl-pinning-demo](https://github.com/httptoolkit/android-ssl-pinning-demo) - the package id is `tech.httptoolkit.pinning_demo`)
6. Use Frida to launch the app you're interested in with the scripts injected (starting with `config.js`). Which scripts to use is up to you, but for Android a good command to start with is:
6. Use Frida to launch the app you're interested in with the scripts injected (starting with `config.js`). Which scripts to use is up to you, but for Android a good command to start with is (if you are on Linux):
```bash
frida -U \
-l ./config.js \
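Review bot: the "(if you are on Linux)" qualifier added to step 6 is misleading; the `frida -U \` command with backslash line continuations runs unchanged in any POSIX shell, so macOS and WSL users should not be told it is Linux-only. Suggest "(in a POSIX shell such as bash; on Windows cmd, join the lines into one command)" instead. Two smaller documentation points in the same hunk: the new step 4 bullet still pushes to `/.../frida-server`, which leaves the reader guessing where the binary must land, and the location matters because it has to be both writable and executable (the customary choice is `/data/local/tmp`); and the troubleshooting bullet says to check the device with `adb devices`, but should add that the state column must read `device`, since an `unauthorized` or `offline` entry also lists the device yet every following `adb shell` command will fail.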