Frida

reference

Complete! Full Tutorial for Getting Started with Frida - Programmer Sought

[Tutorial] Fiddler real machine simulator captures packets + frida breaks through ssl pinning


install python

Install Frida

The Frida framework has two parts:

  1. The interactive tool, the frida CLI, which runs on your own system.
  2. The code-injection tool, frida-server, which runs on the target machine.

frida-server is a daemon that communicates with the Frida core engine over TCP. The default listening port is 27042.

1. Windows installation

pip install frida
pip install frida-tools

You can use frida --version to view version information 

If you need to specify a version:

pip install frida==12.8.0
pip install frida-tools==5.3.0

2. Mobile phone installation 

To determine the architecture of our mobile phone, enter the following command:

adb shell getprop ro.product.cpu.abi

Mine is arm64-v8a. Go to https://github.com/frida/frida/releases and download the Android build of frida-server:

frida-server-16.0.2-android-arm64.xz

Note: the frida-server version must match the frida version installed on Windows; mine is 16.0.2.

Download the file frida-server-16.0.2-android-arm64

Then upload it to the phone via adb
adb push .\frida-server-16.0.2-android-arm64 /data/local/tmp

Then grant it 777 permissions (this requires su):
chmod 777 frida-server-16.0.2-android-arm64

Frida 15.XX no longer supports Android 5 and lower versions

In my own tests, my Android 5.1 device restarts when using the 64-bit build, so the version has to be downgraded.

https://github.com/frida/frida/issues/871

It seems that I have found the problem. The rooted phones I currently have all use MediaTek 64-bit CPUs or Huawei HiSilicon Kirin CPUs, and frida-server above 12.5.0 causes these phones to restart. I then found that a phone with a Qualcomm 64-bit CPU is OK, so maybe the author did not adapt to MediaTek CPUs. If you have a MediaTek CPU, use version 12.4.0; I have personally tested that it works.

uninstall command

pip uninstall frida
pip uninstall frida-tools

Use 12.4.0 (you need to roll back Python to 3.7; pyenv-win is recommended for managing Python versions)

About pyenv-win

Python's pyenv-win tool [package] installation and use - Programmer Sought

https://www.jianshu.com/p/fe8991a7e14d

pip install frida==12.4.0
pip install frida-tools==1.3.1

Start the frida server on the phone

cd /data/local/tmp/
./frida-server-12.4.0-android-arm64

The command appears to hang with no output; this is normal.

Then run frida-ps -U on Windows. If it lists the processes running on the phone, the installation succeeded.

① If running "frida -U -f <package name>" reports:

Failed to spawn: unable to handle 64-bit processes due to build configuration

Then you need to go back to the third step and select the frida-server corresponding to the 64-bit version.

② If, after the Frida installation completes, running frida-ps reports an error saying that the corresponding module cannot be found:

Failed to load the Frida native extension: DLL load failed: 找不到指定的模块。
Please ensure that the extension was compiled for Python 3.x.
***
Traceback (most recent call last):
  File "D:\Python37\Scripts\frida-ps-script.py", line 11, in <module>
    load_entry_point('frida-tools==1.1.0', 'console_scripts', 'frida-ps')()
  File "d:\python37\lib\site-packages\frida_tools\ps.py", line 6, in main
    from frida_tools.application import ConsoleApplication
  File "d:\python37\lib\site-packages\frida_tools\application.py", line 19, in <module>
    import frida
  File "d:\python37\lib\site-packages\frida\__init__.py", line 24, in <module>
    raise ex
  File "d:\python37\lib\site-packages\frida\__init__.py", line 7, in <module>
    import _frida
ImportError: DLL load failed: The specified module could not be found.

This problem occurs because the Python version is too high or too low, so the frida package installed by pip is not compatible with it. Switch to a lower version such as Python 3.8, then run pip install frida and pip install frida-tools again to solve the problem. See also the frida page on PyPI for Python version support.

injection script

GitHub - BigFaceCat2017/frida_ssl_logger: ssl_logger based on frida

GitHub - google/ssl_logger: Decrypts and logs a process's SSL traffic.

The capture here is based on BigFaceCat2017's script

Remember to install hexdump first

pip install hexdump

Start the packet capture and save the file to test.pcap

python3 ssl_logger.py -U -f -p test.pcap com.yiban.app

To turn off SELinux, run one of the following in adb shell:

echo 0 > /sys/fs/selinux/enforce
or
setenforce 0

If you get "frida.ServerNotRunningError: unable to connect to remote frida-server" error, try port forwarding:

adb forward tcp:27042 tcp:27042

Fixing garbled Chinese output in Frida

Go to the frida installation package and find the application.py file (in older versions it is in the frida directory; in newer versions it is in the frida-tools folder), then find the _print function under the ConsoleApplication class (around line 333 in older versions).

# Original
# def _print(self, *args, **kwargs):
#     encoded_args = []
#     if sys.version_info[0] >= 3:
#         string_type = str
#         decoder = "unicode-escape"
#     else:
#         string_type = unicode
#         decoder = "string-escape"
#     encoding = sys.stdout.encoding or 'UTF-8'
#     for arg in args:
#         if isinstance(arg, string_type):
#             encoded_args.append(arg.encode(encoding, errors='replace').decode(decoder, errors='replace'))
#         else:
#             encoded_args.append(arg)
#     print(*encoded_args, **kwargs)
#     self._console_state = ConsoleState.TEXT



# Copied from frida-tools (change the function to the following code)
def _print(self, *args, **kwargs):
    encoded_args = []
    encoding = sys.stdout.encoding or 'UTF-8'
    if encoding == 'UTF-8':
        encoded_args = args
    else:
        if sys.version_info[0] >= 3:
            string_type = str
        else:
            string_type = unicode
        for arg in args:
            if isinstance(arg, string_type):
                encoded_args.append(arg.encode(encoding, errors='backslashreplace').decode(encoding))
            else:
                encoded_args.append(arg)
    print(*encoded_args, **kwargs)
    self._console_state = ConsoleState.TEXT

Save and run again
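Why the original function garbles Chinese and the replacement does not, as an added example that is not part of the original post or of frida-tools: the two functions below isolate the per-string transform from each version of _print (Python 3 branch only), and their names and the sample strings are constructed for illustration.

```python
def original_transform(arg, encoding):
    # Original _print: encode for the console, then decode the bytes with
    # "unicode-escape". That codec reads every non-escape byte as Latin-1,
    # so multi-byte UTF-8 or GBK characters come out as mojibake.
    return arg.encode(encoding, errors="replace").decode(
        "unicode-escape", errors="replace")


def patched_transform(arg, encoding):
    # Replacement _print: pass text through untouched on a UTF-8 console;
    # otherwise round-trip through the console encoding, turning characters
    # the console cannot represent into visible \uXXXX / \UXXXXXXXX escapes.
    if encoding == "UTF-8":
        return arg
    return arg.encode(encoding, errors="backslashreplace").decode(encoding)


def compare(text, encodings=("UTF-8", "utf-8", "gbk")):
    """Map each console encoding to (original output, patched output)."""
    return {enc: (original_transform(text, enc), patched_transform(text, enc))
            for enc in encodings}


if __name__ == "__main__":
    # Constructed samples: Chinese text, and an emoji that GBK cannot encode.
    for sample in ("找不到指定的模块", "ok 😀"):
        for enc, (old, new) in compare(sample).items():
            print("%-6s original=%r patched=%r" % (enc, old, new))
```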

Origin blog.csdn.net/vistaup/article/details/127750403