Frida iOS Intercept Api

Lê Thành Phúc
Aug 16, 2021

Banking applications increasingly add measures to keep data confidential. One of them is encrypting request/response data as it is sent and received. Weak encryption can be decrypted easily, but strong encryption such as RSA is difficult to decrypt. Hooking the functions that send requests and receive responses, and intercepting the data before it is encrypted, is one way to view and modify that data.

After searching the internet for a while, I found a blog post on cedricvb.be. Fortunately, there is an article related to the problem I am looking for, but it does not have instructions for iOS.

After a few hours of coding and testing I have almost finished the components to be able to work for the iOS app. All are aggregated in the repository: https://github.com/noobpk/frida-ios-intercept-api

Tool interface

Architecture

How it works

Part 1

Part 2

How to use

Step 1: Use static and dynamic analysis of the application to find the function it uses to send requests and receive responses.

Recommended tools: IDA, Hopper, objection, frida-ios-hook, …

Step 2: Once you find the class and method your app uses, add them to handler.js.

Add class & method

Hint: You need to run the script first to debug the results and edit the results to suit your application. You can debug the script with frida or frida-ios-hook.

Remove comment code when debug result

Step 3: Once everything works, run echoServer.py and configure Burp Suite.

Configure Burp Suite to listen on 127.0.0.1:26080.
Redirect to 127.0.0.1:27080 and check "Support invisible proxying".

Step 4: Run burpTracer.py with option -p (spawn) or -n (attach) and check the result.
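The loop configured in Steps 3 and 4, as an added Python example (not code from the frida-ios-intercept-api repository): data captured by a hook is posted to the Burp listener, Burp redirects it to an echo server, and the echoed body, including any edit made in Burp, is what comes back. The names `EchoHandler`, `start_echo` and `round_trip` and the `/intercept` path are assumptions; the two ports are the ones given above.

```python
# Added illustration; not code from the frida-ios-intercept-api repository.
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

BURP_LISTENER = ("127.0.0.1", 26080)  # Burp proxy listener (from the article)
ECHO_SERVER = ("127.0.0.1", 27080)    # Burp's redirect target (from the article)


class EchoHandler(BaseHTTPRequestHandler):
    """Return every POST body unchanged, so whatever Burp forwards comes back."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length)
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the console quiet


def start_echo(addr=ECHO_SERVER):
    """Start the echo server in a background thread and return it."""
    server = HTTPServer(addr, EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def round_trip(plaintext: bytes, addr=BURP_LISTENER) -> bytes:
    """POST hook-captured data to `addr`; return the (possibly edited) reply."""
    url = "http://%s:%d/intercept" % addr  # hypothetical path
    req = urllib.request.Request(url, data=plaintext, method="POST")
    # Bypass any system proxy settings: the listener is addressed directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=5) as resp:
        return resp.read()


if __name__ == "__main__":
    srv = start_echo()
    sample = b'{"account":"0000","amount":1}'  # constructed sample payload
    # No Burp here: talk to the echo server directly to show the loop closes.
    print(round_trip(sample, ECHO_SERVER))
    srv.shutdown()
```

With Burp running, calling `round_trip(sample)` against the default listener address returns the body as it left the proxy, which is the value a hook would then hand back to the application.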

Demo on OBank

Demo on BS Application

Demo on SBank
