Observe file system accesses by hooking some java.io.File* classes and methods, libc open/read functions and try to resolve associtation between file descriptor and path. Optionally, it can dumps the data.
Developers of Android applications usually tend to add additional "protection" (e.g. AES encryption) to their proprietary communication protocols, or to encrypt local files in order to hide some sensitive information. This snippet intercepts Java Crypto API in Android application, prints a symmetric key, algorithm spec, and a plain data right before the final encryption (as well as a cipher data right before the decryption).
Dumps bytes of DEX provided to InMemoryDexClassLoader on Android
Another universal ssl certificate pinning bypass script for Android (https://gist.github.com/akabe1/ac6029bf2315c6d95ff2ad00fb7be1fc)
[Android] Dynamic Hooks (Creating Function Hooks Was Never Easier)
https://www.notsosecure.com/instrumenting-native-android-functions-using-frida/
Dumping URI data from a deep link
Bypass SSL certificate validation for the injected app on iOS 10/11
有用的函数:包括模拟点击,keychain数据查看,界面结构分析,获取OC类信息等 several useful iOS utils,including keychain dumper, view dumper, perform click
Hook all the methods of all the classes owned by the iOS app
This is a simple handler I have created to extract the body and request type (GET/POST) for each request made by the target iOS application. I'm @J_Duffy01 on Twitter if any q's!
Bypasses debugging mode checks when USB Debugging mode is activated
Dump useful values of CCCrypt function
Android Certificate Pinning Bypass for OkHttpClient
Check if an iOS app supports the use of custom third-party keyboards.
bypass mostly common android ssl pinning method