Brida, Burp to Frida bridge
This extension works as a bridge between Burp Suite and Frida, lets you use and manipulate applications' own methods while tampering the traffic exchanged between the applications and their back-end services/servers. It supports all platforms supported by Frida (Windows, macOS, Linux, iOS, Android, and QNX).
This idea is a need that is born during the analysis of some mobile application that use strong symmetric cryptography using random keys, without knowing the correct secret all data was not modifiable via Burp neither with a custom plugin. More generally, applications' logic could be based on cryptographic tokens, it could use a complex challenge-response algorithm as well, and so on. How can we tamper the messages? Most of the times the only viable approach is to decompile/disassemble the application, identify the functions or methods we're interested in AND re-implement them. This approach is obviously time consuming and not always really viable: i.e. the generation of tokens and/or the encryption routines could be based on cryptographic material strictly tied to the device (state) or stored inside protected areas and thus not directly accessible... That's when Brida comes in handy: instead of trying to extract keys/certificates and re-writing the routines we're interested in, why don't we let the application do the dirty work for us?
Last version introduces the most recent Frida hooks developed by the community for Android and iOS platforms to bypass and inspect security features and new highly-customizable engine that allows to graphically create custom plugins to:
- Process requests/responses that pass through every Burp Suite tool, in order to be able to encrypt/decrypt/resign elements of requests and responses using Frida exported functions
- Add custom tab to Burp Suite request/response pane, in order to be able to decrypt/decode/process requests/responses (or portion of them) using Frida exported functions (and then encrypt/encode/process modifications and replacing the original request/response, if any)
- Add custom context menu options to invoke Frida exported functions on requests and responses
- Add buttons that invoke/enable Frida exported functions
In order to be able to use Brida, you need:
- Burp Suite (1.X or 2.X)
- Frida client
- A jailbroken iOS device/rooted Android device with frida-server running on it (or an application patched with the frida-gadget)
- An application to analyze! :D
The slides of our conference presented at HackInBo 2017 Winter Edition that describes the first version can be found at:
- (ENG) https://www.hackinbo.it/slides/1508354139_HackInBo%202017%20Winter%20Edition%20-%20Federico%20Dotta%20-%20Advanced%20mobile%20penetration%20testing%20with%20Brida%20-%20141017.pdf
The slides and the video of our conference presented at Hack In The Box 2018 Amsterdam that describes the new features of the version 0.2 can be found at:
|Author||Federico Dotta, Piergiovanni Cipolloni|
|Last updated||04 February 2022|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.