Brida components

Federico Dotta edited this page Apr 14, 2020 · 2 revisions

Main elements

The Brida GUI is made up of three main elements:

brida-components-1

  1. Tabbed main panel, which contains all the Brida tools and configurations
  2. Brida button panel, always visible, with a set of buttons fixed for all the tabs of Brida (above the two yellow lines) and a set of buttons that depends on the particular tab (below the two yellow lines)
  3. Brida console, always visible, in which Frida and Brida scripts and exceptions are printed

The Brida plugin has the following tabs, described in the following sections:

  1. Configurations
  2. JS Editor
  3. Hooks and functions
  4. Graphical analysis
  5. Graphical hooks
  6. Custom plugins
  7. Generate stubs
  8. Debug export

Tabbed main panel

Configurations

brida-components-2

The Configurations tab includes all the settings Brida needs to work properly:

  • Full path of the python binary
  • Host and port on which the Pyro4 server will listen
  • Full path of the frida-compile binary
  • Folder that contains all the Brida JS files
  • Application ID of the app that we are going to inspect
  • Type of connection (local for local processes, USB for processes executed on a USB-connected device, Remote for processes executed on a remote device through a port redirection)

JS Editor

brida-components-3

A JS editor integrated into Burp Suite, used to edit Brida JS files and add custom hooks and exported functions directly from Burp Suite. The editor has JS syntax highlighting.

Hooks and functions

brida-components-4

This tab includes many default hooks/functions that can be enabled/executed by pushing a button. These Frida scripts include the most recent hooks for Android and iOS platforms to bypass and inspect security features. Buttons in this pane can also be added from the "Custom plugins" section.

Graphical analysis

brida-components-5

In this tab it is possible to enumerate, inspect and manipulate Java/ObjC (iOS) classes/methods and exports of arbitrary platforms. The tool allows tracing methods/exports with or without backtrace and changing the return value (only with predefined return types).

Graphical hooks

brida-components-6

In this tab it is possible to enable/disable/remove hooks added in the "Graphical analysis" tab. Hooks added in the "Graphical analysis" tab are persistent across spawning/attaching sessions and are executed again when the application is killed/detached and respawned/re-attached, if they are not disabled or removed from this tab.

Custom plugins

brida-components-7

This tab allows defining Brida internal custom plugins from a graphical interface. These plugins use the Brida engine for communication with the inspected app. The engine is highly customizable and should minimize the situations in which an external plugin is necessary. It is possible to define four different types of custom plugins:

  • IHttpListener: Processes requests/responses that pass through every Burp Suite tool, in order to encrypt/decrypt/resign elements of requests and responses using Frida exported functions
  • IMessageEditorTab: Adds custom tabs to the Burp Suite request/response pane, in order to decrypt/decode/process requests/responses (or portions of them) using Frida exported functions (and then encrypt/encode/process any modifications and replace them in the original request/response)
  • IContextMenu: Adds custom context menu options to the right-button menu of Burp Suite that invoke Frida exported functions on requests and responses (or portions of them)
  • JButton: Adds buttons that invoke/enable Frida exported functions

Generate stubs

brida-components-8

If a complex situation cannot be solved with the internal custom plugins engine, it is possible to use the Brida engine from an external Burp Suite plugin. This tab generates Java and Python stubs that can be copied and pasted into the external plugin, in order to allow communication between Burp Suite and Frida using Brida.

Debug exports

brida-components-9

This tab can be used to debug Frida exported functions before employing them in the Brida plugins. In order to use Brida custom plugins (or external plugins that use Brida) it is necessary to put Frida code inside Frida exported functions, which are called by the plugins. In this tab it is possible to call Frida exports directly, which makes them easy to debug.
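The relationship described above, as an added example that is not Brida's own code: two exported functions of the kind a custom plugin would call, plus the round-trip check one would otherwise perform by hand from this tab. The export names, the hex encoding of arguments and the XOR stand-in for the app's routine are assumptions of this example.

```javascript
// Inside Frida `rpc` is a global; the fallback object lets this file run under Node.
const rpcHost = (typeof rpc !== 'undefined') ? rpc : { exports: {} };

// Arguments and return values travel as strings, so binary data is
// hex-encoded here (an assumption of this example).
function hexToBytes(hex) {
  if (typeof hex !== 'string' || hex.length % 2 !== 0 || /[^0-9a-fA-F]/.test(hex)) {
    throw new Error('expected an even-length hex string');
  }
  const out = [];
  for (let i = 0; i < hex.length; i += 2) {
    out.push(parseInt(hex.slice(i, i + 2), 16));
  }
  return out;
}

function bytesToHex(bytes) {
  return bytes.map(b => (b & 0xff).toString(16).padStart(2, '0')).join('');
}

// Hypothetical stand-in for the app routine a real export would invoke
// through Frida. A repeating XOR is used only so there is something to invert.
const KEY = [0x42, 0x13, 0x37];
function appTransform(bytes) {
  return bytes.map((b, i) => b ^ KEY[i % KEY.length]);
}

// Exported functions: the entry points a plugin (or the debug tab) calls.
rpcHost.exports = {
  decryptbody: function (hexBody) {
    return bytesToHex(appTransform(hexToBytes(hexBody)));
  },
  encryptbody: function (hexBody) {
    return bytesToHex(appTransform(hexToBytes(hexBody)));
  }
};

// The property an editor-tab style plugin relies on: re-encrypting the
// decrypted body must reproduce the original bytes exactly.
function roundTripOk(hexBody) {
  const plain = rpcHost.exports.decryptbody(hexBody);
  return rpcHost.exports.encryptbody(plain) === hexBody.toLowerCase();
}
```

If the round trip fails for any sample body, a plugin built on these exports would corrupt edited requests, which is the kind of defect worth catching before wiring the exports into a plugin.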

Brida button panel

brida-components-10

The Brida button panel is made up of three different sections:

  • At the top are the status of the Pyro4 server (started/stopped) and the status of the application (hooked/not hooked by Brida)
  • In the center there is a set of buttons fixed for all the tabs of Brida (above the two yellow lines). These buttons are used for general tasks such as starting/stopping the Pyro4 server, spawning/attaching/killing/detaching an application (with frida-compile compiling), reloading the JS file, etc.
  • At the bottom there is a set of buttons that depends on the particular Brida sub-tab (below the two yellow lines)

Brida console

brida-components-11

The Brida console is the unified destination for output coming from Frida scripts, Brida core, Brida tools and exceptions. All the output of the Frida console.log, console.warn and console.error is also printed in this console.