💾 Archived View for gemini.macdermid.ca › android-mitm.gmi captured on 2023-03-20 at 17:25:19. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Create a virtual phone in Genymotion, then follow the tutorial on the mitmproxy site to add a certificate to the system partition:
https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/
Open VirtualBox, find the machine, and add port forwarding for TCP port 27042 from the host to the VM. This will allow us to talk to Frida running inside.
Make sure root is enabled in Android, then `adb install FridaLoader.apk` and install the app that will be tested.
Run the `Frida Loader` app on the virtual phone. Install and start Frida.
Finally, look up the app id from the host with `frida-ps -Uai`.
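The lookup in the last step can be scripted when you test the same app repeatedly. This is an added example, not part of the original page: POSIX shell functions that parse `frida-ps -Uai` output to resolve an app's identifier from its display name and to tell whether it is already running. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve an app identifier from `frida-ps -Uai` output.
# SAMPLE_PS is constructed sample output, not captured from a real device.
SAMPLE_PS='  PID  Name            Identifier
-----  --------------  -------------------------
 4312  Example App     com.example.app.id
    -  Calendar        com.android.calendar
    -  Files           com.android.documentsui'

# frida_app_rows: read frida-ps -Uai output on stdin and emit one
# "pid<TAB>name<TAB>identifier" row per app. The header and dashed rule are
# skipped. Names may contain spaces, so the name is rebuilt from fields 2..NF-1.
frida_app_rows() {
  awk '$1 == "PID" || $1 ~ /^--+$/ { next }
    NF >= 3 {
      name = $2
      for (i = 3; i < NF; i++) name = name " " $i
      printf "%s\t%s\t%s\n", $1, name, $NF
    }'
}

# frida_app_id NAME: print the identifier of the app whose display name
# equals NAME (case-insensitive); return 1 if no app matches.
frida_app_id() {
  frida_app_rows | awk -F '\t' -v want="$1" '
    tolower($2) == tolower(want) { print $3; found = 1; exit }
    END { exit found ? 0 : 1 }'
}

# frida_app_running ID: succeed only if the app with identifier ID has a PID.
# frida-ps prints "-" in the PID column for installed but stopped apps.
frida_app_running() {
  frida_app_rows | awk -F '\t' -v id="$1" '
    $3 == id && $1 != "-" { running = 1 }
    END { exit running ? 0 : 1 }'
}

# Demo on the constructed sample; on a real setup pipe `frida-ps -Uai` instead.
printf '%s\n' "$SAMPLE_PS" | frida_app_id "Example App"
```

On a real setup, replace the sample with live output, for example `frida-ps -Uai | frida_app_id "Example App"`.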
Some apps use certificate pinning and will refuse to work through a proxy. There are multiple Frida scripts that can fix this. Here's an example of how you might start an app using one of them:
```
frida -U --codeshare sowdust/universal-android-ssl-pinning-bypass-2 --no-pause -f com.example.app.id
```
You can also connect to the app using objection: `objection -g com.example.app.id explore`
https://github.com/dineshshetty/FridaLoader/releases
https://github.com/sensepost/objection
https://medium.com/@sakshi12/root-detection-bypass-by-objection-and-frida-8a4275b67e8e