Brida icon indicating copy to clipboard operation
Brida copied to clipboard

Published 20 hours ago verified publisher icon federicodotta

If I enable the hook crypto stuff option, burp suite crashes.

Open cihangungor opened this issue 1 year ago • 3 comments

If I enable the 'Hook crypto stuff' option, Burp Suite crashes. In the tested APK application, every request and response packet is encrypted. When I open the application with the 'Hook crypto stuff' option enabled, I can see that it decrypts the passwords in the initial part during the launch. However, Burp Suite freezes while the application is opening, and it doesn't recover afterward. If I disable the 'Hook crypto stuff' option, everything works fine. However, the most crucial feature for me is the 'Hook crypto stuff' option :)

cihangungor avatar Jan 07 '24 06:01 cihangungor

Hi @cihangungor I experienced the same problem. I ended up not using brida for a bulk crypto hook. I feel like that is a heavy job for a complex setup like java+extension+all frida intervention all together🙂

long story short I modified the script that brida use and call it via command like. If you want an examle, you can have a look at here. At the end of the file you can see a function call. Just delete it and call the crypto hooking function.

https://github.com/mustafairan/frida-brida-scripts/blob/main/androidDefaultHooks.js You can use the command at the top. (Just delete —no-pause if you get error)

mustafairan avatar Feb 17 '24 22:02 mustafairan

Hi @cihangungor,

Unfortunately, as @mustafairan correctly suggested, huge volumes of input/output data can cause troubles and freezes in Burp Suite, because there is a lot of communications to handle back and forward from/to the JS in the mobile device, to the Python server, to Brida code.

In these situations it is better to start using Frida directly and then eventually use Brida after the initial analysis to build the custom plugins to quickly handle the various encryption and signature layers and test the backend APIs.

Federico

federicodotta avatar Mar 23 '24 14:03 federicodotta

Hi @cihangungor I experienced the same problem. I ended up not using brida for a bulk crypto hook. I feel like that is a heavy job for a complex setup like java+extension+all frida intervention all together🙂

long story short I modified the script that brida use and call it via command like. If you want an examle, you can have a look at here. At the end of the file you can see a function call. Just delete it and call the crypto hooking function.

https://github.com/mustafairan/frida-brida-scripts/blob/main/androidDefaultHooks.js You can use the command at the top. (Just delete —no-pause if you get error)

Thank you so much. I will use this script.

cihangungor avatar Mar 25 '24 05:03 cihangungor