Android emulator setup

  • From Installing Frida, installing Frida on a device with root access:
    adb root
    adb push frida-server //data/local/tmp/
    adb shell
    cd /data/local/tmp
    chmod 755 ./frida-server
  • From Sniffing https traffic on Android 11, installing a certificate from Burp Suite on an Android 11 emulator:
    openssl x509 -inform der -in burp.cer -out certificate.pem
    cp certificate.pem `openssl x509 -inform pem -subject_hash_old -in certificate.pem | head -1`.0
    ./emulator -avd rRoot -writable-system
    adb push 9a5ba575.0 //sdcard/Download
    adb root
    adb shell avbctl disable-verification
    adb reboot
    adb root
    adb remount
    adb shell
    cp /sdcard/Download/9a5ba575.0 /system/etc/security/cacerts/
    chmod 644 /system/etc/security/cacerts/9a5ba575.0

Note: //sdcard and similar in adb push commands is to make it work with git bash on Windows.

  • From Sniffing TLS traffic on Android, setting up PolarProxy for sniffing TLS traffic:
    # Start PolarProxy
    PolarProxy -p 443,80 -w polarproxy.pcap
    # Setup adb reverse connection
    adb reverse tcp:443 tcp:443
    # iptables setup
    adb root
    adb shell
    iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination

Frida command line

  • From Installing Frida, list all running applications:
    frida-ps -U -a
  • From Solving OWASP MSTG UnCrackable App for Android Level 1:
    # Attach to a running application
    frida -U owasp.mstg.uncrackable1
    # Load a script and start a package
    frida -U --no-pause -l uncrackable1.js -f owasp.mstg.uncrackable1
  • From Bypassing certificate pinning with Frida:
    # Download script from
    frida -U -f com.whatsapp -l frida_multiple_unpinning.js --no-pause
  • To upgrade Frida Follow the instructions on to install the latest version of frida-server on the phone. Then to upgrade Frida on the computer run:
    pip install --upgrade frida-tools

Other tools