Overview
Syllabus
Intro
Black-box testing challenges
Enter Frida
Where does it work?
Frida's toolkit
Simple example - frida-trace on iOS
Digging into a trace
Inside a handler
Modifying handlers
A new and improved trace
Where was that code running?
How can we use Frida?
Tracing functions on Android
Function tracing in action
Using a trace to explore
Exploring keychain functionality
What did we find?
Frida CLI
Exploring Keychain classes
Automating with agent scripts
Tracing Java methods on Android
Building agent.js
Java trace in action
How can we use agents?
Bluetooth metadata on Android
URL scheme fuzzing on iOS
Adding commands
URL scheme fuzzer highlights
Using Frida Codeshare
Bypassing controls - SSL pinning
SSL pinning bypass on iOS
Interceptor API
Locating nw_tls_create_peer_trust
Replacing nw_tls_create_peer_trust
Try it for yourself!
SSL pinning bypass - demo
Standalone tools
Elements of a standalone tool
Basic Python script
Frida rpc.exports
The agent: classdump.js
Want to learn more?
Taught by
Bugcrowd