https://appsec.fyi/tools.html#frida Curated Frida resources from appsec.fyi en-us Sun, 07 Jun 2026 04:05:35 +0000 carl@chs.us (Carl Sampson) https://httptoolkit.com/blog/android-reverse-engineering/ https://httptoolkit.com/blog/android-reverse-engineering/ Library for reverse engineering and modifying Android applications, utilizing JADX for code extraction and Frida for dynamic instrumentation. This resource details how to decompile APKs, analyze Java source code generated by JADX, and write custom Frida scripts to bypass security measures like certificate pinning, enabling traffic interception with tools like HTTP Toolkit. It covers techniques applicable to understanding and altering app behavior beyond standard certificate pinning implementations. Frida intermediate Wed, 22 Apr 2026 12:52:42 +0000 https://tonygo.tech/blog/2025/8ksec-ios-ctf-writeup https://tonygo.tech/blog/2025/8ksec-ios-ctf-writeup Writeup details bypassing iOS Frida detection using LLDB and Frida. The process involves jailbreaking an iPhone, setting up development tools like `libimobiledevice`, `frida-tools`, and LLDB, and then using `debugserver` for remote debugging. The author demonstrates how to find and breakpoint `FridaInTheMiddle.systemSanityCheck()` with LLDB to bypass detection, trace the `dummyFunction(flag:)` Swift function using `frida-trace` to get its mangled name, and finally hook this function with a Frida script to intercept and decode the Swift string argument, ultimately revealing the flag. Frida intermediate Wed, 22 Apr 2026 12:52:40 +0000 https://github.com/httptoolkit/frida-interception-and-unpinning https://github.com/httptoolkit/frida-interception-and-unpinning Library of Frida scripts automates HTTPS MitM interception on mobile devices by redirecting traffic to a proxy, injecting CA certificates into trust stores, and patching certificate pinning and transparency checks. It also handles fallback patching for obfuscated certificate pinning on Android, disables root/jailbreak detection, and blocks HTTP/3 connections. The scripts can be used independently or together to intercept HTTP(S) traffic on Android and iOS. Frida intermediate Wed, 22 Apr 2026 12:52:40 +0000 https://medium.com/@talsec/hook-hack-defend-fridas-impact-on-mobile-security-how-to-fight-back-145dea12daf3 https://medium.com/@talsec/hook-hack-defend-fridas-impact-on-mobile-security-how-to-fight-back-145dea12daf3 Frida's Impact on Mobile Security and How to Fight Back Frida intermediate Thu, 16 Apr 2026 21:04:02 +0000 https://blog.voorivex.team/from-an-android-hook-to-rce-5000-bounty https://blog.voorivex.team/from-an-android-hook-to-rce-5000-bounty From an Android Hook to RCE: $5000 Bounty Frida intermediate Thu, 16 Apr 2026 21:04:02 +0000 https://codeshare.frida.re/@liangxiaoyi1024/ios-jailbreak-detection-bypass/ https://codeshare.frida.re/@liangxiaoyi1024/ios-jailbreak-detection-bypass/ Frida CodeShare: iOS Jailbreak Detection Bypass Frida intermediate Sat, 11 Apr 2026 16:45:35 +0000 https://www.corellium.com/blog/ios-jailbreak-detection-bypass https://www.corellium.com/blog/ios-jailbreak-detection-bypass Library for bypassing iOS jailbreak detection using Frida. This guide details how to leverage Corellium's virtualized platform to identify and hook specific methods within applications like DVIA-2. It covers setup, class and method enumeration, and modifying boolean return values to circumvent detection mechanisms, enabling dynamic analysis and security testing of iOS applications. Frida intermediate Sat, 11 Apr 2026 16:45:34 +0000 https://mas.owasp.org/MASTG/tools/generic/MASTG-TOOL-0031/ https://mas.owasp.org/MASTG/tools/generic/MASTG-TOOL-0031/ Library for dynamic instrumentation, Frida enables JavaScript execution within native Android and iOS applications. It utilizes QuickJS for code injection via modes like Injected, Embedded, and Preloaded. Key APIs include Interceptor for inline hooking and Stalker for transparent, high-granularity tracing using JIT recompilation. Frida also offers specific APIs for Java and Objective-C interaction, alongside terminal tools such as `frida-ps` for process listing and `frida-trace` for function call tracing. Frida 17 introduces breaking changes, including the removal of bundled runtime bridges, necessitating separate installation via `frida-pm`, and API modifications for enhanced readability and performance. Frida intermediate Fri, 10 Apr 2026 01:52:33 +0000 https://approov.io/blog/how-to-bypass-certificate-pinning-with-frida-on-an-android-app https://approov.io/blog/how-to-bypass-certificate-pinning-with-frida-on-an-android-app Walkthrough of bypassing certificate pinning on Android apps using Frida to enable Man-in-the-Middle (MitM) attacks. This guide details the setup of Frida, Android Studio, Mitmproxy, and an Android emulator, then demonstrates hooking into the ShipFast app's runtime to intercept HTTPS traffic, even when certificate pinning is implemented via the network security config file. Frida intermediate Fri, 03 Apr 2026 15:50:17 +0000 https://infosecwriteups.com/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29 https://infosecwriteups.com/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29 Hail Frida!! The Universal SSL Pinning Bypass for Android Frida intermediate Fri, 03 Apr 2026 15:50:16 +0000 https://www.netspi.com/blog/technical-blog/mobile-application-pentesting/four-ways-bypass-android-ssl-verification-certificate-pinning/ https://www.netspi.com/blog/technical-blog/mobile-application-pentesting/four-ways-bypass-android-ssl-verification-certificate-pinning/ Library detailing four methods to bypass Android SSL verification and certificate pinning for man-in-the-middle attacks. Techniques include adding a custom CA to the trusted certificate store, overwriting packaged CA certificates, utilizing Frida to hook and bypass checks, and reversing custom certificate code, with tools like BurpSuite, ZAP, Frida, and Objection mentioned. Frida intermediate Fri, 03 Apr 2026 15:50:12 +0000 https://httptoolkit.com/blog/frida-certificate-pinning/ https://httptoolkit.com/blog/frida-certificate-pinning/ Library for bypassing Android certificate pinning using Frida. This technique enables security researchers, developers, and privacy advocates to intercept and inspect HTTPS traffic from hyper-vigilant applications that employ custom certificate validation beyond the default system trust store. The library details how to leverage Frida scripts to modify application behavior dynamically, remove SSL pinning logic, and expose the actual network communication for analysis, particularly useful for apps like Twitter, N26, or BBVA. Frida intermediate Fri, 03 Apr 2026 15:50:09 +0000