frida-intercept-encrypted-api
A tool to help you intercept encrypted APIs in iOS or Android apps
Frida iOS intercept api
📍What does it help?
Banking applications, e-wallets and similar apps keep adding security measures against attackers. One of them is encrypting the request and response bodies themselves, on top of TLS. Weak home-grown schemes can often be decrypted easily, but a strong scheme such as RSA is not recoverable without the key. When pentesting an ordinary mobile application, it is enough to set things up so that Burp Suite can intercept the requests and responses of the APIs the app uses. With a banking or e-wallet application whose API is encrypted end to end, the usual Burp Suite setup shows only ciphertext. Hooking the functions that build requests and handle responses, and intercepting the data before it is encrypted (or after it is decrypted), is one way to view and modify it.
Architecture
Configure handlers.js
- Add the request and response classes and methods you want to hook (one or more names per array):
/* Request class & method */
var search_request_class = [''];   // Objective-C class that builds the outgoing request
var search_request_method = [''];  // method that receives the plaintext before it is encrypted
/* Response class & method */
var search_response_class = [''];  // Objective-C class that handles the reply
var search_response_method = [''];  // method that receives the plaintext after it is decrypted
- Debug the arguments of the hooked method:
/* DEBUG REQUEST HERE */
console.log(colors.green, "[DEBUG-REQUEST] Dump arguments in method: ", colors.resetColor);
print_arguments(args);
// In an Objective-C hook args[0] is self and args[1] is the selector,
// so args[2], args[3], args[4] are the first three method parameters
console.log(new ObjC.Object(args[3]));
var message1 = new ObjC.Object(args[2]);
var message2 = new ObjC.Object(args[3]);
var message3 = new ObjC.Object(args[4]);
console.log('msg1=' + message1.toString() + ", type: " + message1.$className);
console.log('msg2=' + message2.toString() + ", type: " + message2.$className);
console.log('msg3=' + message3.toString() + ", type: " + message3.$className);
Usage
- Load burpsuite_configuration_proxy.json, or set up the Burp Suite proxy listener by hand:
  - Bind to 127.0.0.1:26080
  - Redirect to 127.0.0.1:27080 and tick "Support invisible proxying"
- Run echoServer.py
- Configure and optimize handlers.js
- Run burpTracer.py -p com.apple.AppStore (or -n 'App Store')
Note: Different applications use different networking and crypto libraries, so the classes and methods to hook differ from app to app. Reverse-engineer or trace the application to find the functions that handle the plaintext.
Medium
Technical Presentation
| Title | Link |
|---|---|
| Frida iOS Intercept Api | https://medium.com/p/a5c4ef22a093 |
| Frida iOS Intercept API \| Technical \| How to Intercept Encrypted APIs on The Application \| Part 1 | https://youtu.be/BIB3ma3Tl34 |
| Frida iOS Intercept API \| Technical \| How to Intercept Encrypted APIs on The Application \| Part 2 | https://youtu.be/IojcakLNtrA |
Demo
| Title | Link |
|---|---|
| Frida iOS Intercept API \| Demo \| How to Intercept Encrypted APIs on OceanBank Application | https://youtu.be/cJwLdXd6dhg |
| Frida iOS Intercept API \| Demo \| How to Intercept Encrypted APIs on SaiGonBank Smart Banking Application | https://youtu.be/_WR-4tXEeg4 |
| Frida iOS Intercept API \| Demo \| How to Intercept Encrypted APIs on BaoViet Smart Application | https://youtu.be/nrRlqJ8xpCo |