Brida, Burp to Frida bridge
This extension works as a bridge between Burp Suite and Frida, lets you use and manipulate applications' own methods while tampering the traffic exchanged between the applications and their back-end services/servers. It supports all platforms supported by Frida (Windows, macOS, Linux, iOS, Android, and QNX).
This idea is a need that is born during the analysis of some mobile application that use strong symmetric cryptography using random keys, without knowing the correct secret all data was not modifiable via Burp neither with a custom plugin. More generally, applications' logic could be based on cryptographic tokens, it could use a complex challenge-response algorithm as well, and so on. How can we tamper the messages? Most of the times the only viable approach is to decompile/disassemble the application, identify the functions or methods we're interested in AND re-implement them. This approach is obviously time consuming and not always really viable: i.e. the generation of tokens and/or the encryption routines could be based on cryptographic material strictly tied to the device (state) or stored inside protected areas and thus not directly accessible... That's when Brida comes in handy: instead of trying to extract keys/certificates and re-writing the routines we're interested in, why don't we let the application do the dirty work for us?
Last version introduces the most recent Frida hooks developed by the community for Android and iOS platforms to bypass and inspect security features and a new highly-customizable engine that allows to graphically create custom plugins to:
- Process requests/responses that pass through every Burp Suite tool, in order to be able to encrypt/decrypt/resign elements of requests and responses using Frida exported functions
- Add custom tab to Burp Suite request/response pane, in order to be able to decrypt/decode/process requests/responses (or portion of them) using Frida exported functions (and then encrypt/encode/process modifications and replacing the original request/response, if any)
- Add custom context menu options to invoke Frida exported functions on requests and responses
- Add buttons that invoke/enable Frida exported functions
- Python 2.7 or 3 with pyro4 module, frida client and frida-compile
- An iOS or Android device with the frida-server running on it (root privileges on the device required) or an application patched with the Frida's Gadget (root privileges on the device not required).
|Author||Federico Dotta, Piergiovanni Cipolloni|
|Last updated||18 May 2020|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.