Trace Class/Func & Modify Return Value
Project description
Frida iOS hook
A script that helps you trace classes, functions, and modify the return values of methods on iOS platform.
For Android platform: https://github.com/noobpk/frida-android-hook
Env OS Support
OS | Supported | Noted |
---|---|---|
MacOS | :white_check_mark: | main |
Linux | :white_check_mark: | sub |
Windows | :white_check_mark: | sub |
Compatible with
iOS | Frida | Supported |
---|---|---|
13.2.3 | 14.2.13 | :white_check_mark: |
14.4.2 | 14.2.13 | :white_check_mark: |
Feature
Running with python3.x
Support both spawn & attach script to process.
[+] Options:
-p(--package) Identifier of application ex: com.apple.AppStore
-n(--name) Name of application ex: AppStore
-s(--script) Using script format script.js
-c(--check-version) Check for the newest version
-u(--upadte) Update to the newest version
[*] Dump decrypt IPA:
-d, --dump Dump decrypt application.ipa
-o OUTPUT_IPA, --output=OUTPUT_IPA
Specify name of the decrypted IPA
[*] Information:
--list-devices List All Devices
--list-apps List The Installed apps
--list-appinfo List Info of Apps on Itunes
--list-scripts List All Scripts
[*] Quick method:
-m(--method) Support commonly used methods
- app-static(-n)
- bypass-jb(-p)
- bypass-ssl(-p)
- i-url-req(-p)
- i-crypto(-n)
Update
Version: 3.3a
[+] Change:
[-] Update example usage
[-] Optimize core hook.py
[-] Update README.md
[+] New:
[-] Add new new option dump decrypt application.ipa
Install & Usage
1. Git clone https://github.com/noobpk/frida-ios-hook
2. cd frida-ios-hook/
3. python3 hook.py --help(-h)
4. rebellion :))
If you run the script but it doesn't work, you can try the following:
frida -U -f package -l script.js
Frida-Script
Updated some frida scripts to help you with the pentest ios app. Filter script using spawn(S) or attach(A)
N | Spawn/Attach | Script Name | Script Description |
---|---|---|---|
1 | S | bypass-jailbreak-1.js | Basic bypass jailbreak detection |
2 | S | dump-ios-url-scheme.js | Dump iOS url scheme when "openURL" is called |
3 | S | dump-ui.js | Dump the current on-screen User Interface structure |
4 | S+A | find-all-classes.js | Dump all classes used by the app |
5 | S+A | find-all-methods-all-classes.js | Dump all methods inside all classes |
6 | S+A | find-specific-method.js | Find a specific method in all classes |
7 | S+A | hook-all-methods-of-specific-class.js | Hook all the methods of a particular class |
8 | S+A | hook-specific-method-of-class.js | Hook a particular method of a specific class |
9 | S+A | ios-app-static-analysis.js | iOS app static analysis |
10 | S+A | ios-list-apps.js | iOS list information application |
11 | S+A | ios-url-scheme-fuzzing.js | iOS url scheme fuzzing |
12 | S | pasteboard-monitoring.js | Monitor usage of pasteboard. Useful to show lack of secure attribute on sensitive fields allowing data copying. |
13 | A | read-nsuserdefaults.js | Show contents fo NSUserDefaults |
14 | S+A | show-all-methods-of-specific-class.js | Dump all methods of a particular class |
15 | S+A | show-argument-type-count-and-return-value-type.js | Show argument type & count and type of return value for a function in a class |
16 | S+A | show-instance-variables-for-specific-class.js | Show all instance variables of a particular class |
17 | S+A | show-modify-function-arguments.js | Show and modify arguments of a function inside a class |
18 | S+A | show-modify-method-return-value.js | Show and modify return value of a particular method inside a class |
19 | A | show_binarycookies.js | Show contents of Cookies.binarycookies file |
20 | S | bypass-ssl-ios13.js | iOS13 bypass ssl pinning |
21 | S | flutter_trace_function.js | iOS flutter trace function |
22 | S+A | ios-intercept-crypto.js | Intercepts Crypto Operations |
23 | S+A | ios-intercept-crypto-2.js | Intercepts Crypto Operations 2 |
Disclaimer
Because I am not a developer, so my coding skills might not be the best. Therefore, if this tool have any issue or not working for you, create an issue and i will try to fix it. Any suggestions for new feature and discussions are welcome!
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for Frida_iOS_Hook-3.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0a0969c4f423269a666692bc1255e58f740525fd304c4d75bcb9e608617729cc |
|
MD5 | 54fa90bc4816cea8faa02a393219411d |
|
BLAKE2b-256 | 7f414504e350f9c17dbed3157cf28c862530bf9f0391821ba5bcdfd6b8b029df |