Brida, Burp to Frida Bridge

Brida bridges Burp Suite and Frida, enabling you to use application methods directly while intercepting and modifying traffic between applications and their backend servers. It is a collection of tools created to speed-up everyday mobile assessments that minimize or even eliminates the need to reverse engineer and reimplement cryptographic routines, token generation, or other complex security mechanisms, by offering an engine that allows to graphically create custom plugins that inspect and edit HTTP requests and responses using the same mobile functions used by the mobile application itself. Other offered tools include pre-built hooks to bypass common security controls, a graphical tool to explore the application's class structure and add inspection or tamper hooks and an integrated JS editor.

Features

• Integrate Frida in Burp Suite, with a integrated inteface that can be used to easilty execute mobile application functions directly on Burp Suite requests and responses, via Frida exports (using the mobile app's own functions instead of reversing and reimplementing them in a dedicated plugin).
• Graphically create internal plugins to process HTTP requests/responses using the mobile app's own code (e.g. encryption, decryption, signatures, ...)
• Add custom tabs, context menu options, and buttons that invoke mobile application functions on selected requests and responses
• Offers many pre-built Frida hooks for common mobile tasks (SSL pinning, jailbreak/root detection bypasses, KeyStore/keychain inspection and similar).
• Inspect binary structure with a tree view of classes, methods and exports and add hooks directly from the GUI (trace methods, capture backtraces, alter predefined return values).
• Write, edit and test custom Frida scripts in the integrated JavaScript editor with syntax highlighting and helper encoders/decoders.
• Support for all Frida-compatible platforms like iOS, Android, Windows, macOS, Linux, and QNX

Usage

1. Install Python with frida, frida-tools, and pyro4 packages
2. Install Node.js and npm, ensuring they are in your system PATH
3. Deploy frida-server on your target device (jailbroken iOS or rooted Android) or patch your application with frida-gadget
4. Configure the Brida connection settings in the "Configurations" tab to connect Burp Suite to the Frida server of your target application. More information can be found on the Brida wiki
5. Use the "Graphical Analysis" tab to explore the application's class structure and add inspection or tamper hooks
6. Create custom plugins in the "Custom Plugins" tab to process requests and responses, to add custom tabs, to add context menu options, to add buttons, using mobile application own functions
7. Apply pre-built hooks from the "Hooks and functions" section to bypass common security controls
8. Use the "JS Editor" tab to customize your Frida own hooks
9. Monitor all the Frida and Brida output in the unified logging console, at the bottom of the Brida interface