No option to inject Frida without app reloading #105
Comments
|
Hmm, interesting. You're talking about HTTP Toolkit's built-in integration presumably, not these scripts themselves? Unfortunately intercepting a running app like this is not 100% reliable in many cases, since there may already be connections open that this won't catch (and can't catch, without resetting all the app's connections which is complicated and might cause problems in itself). That's the main reason why it currently restarts the app. There's also various more specific hooks (particularly for Android cert unpinning) that must be run before the app starts because they hook class constructors etc, so that wouldn't work there for those cases too. If you need a more specific setup like this, I think the easiest option is to run Frida manually for your case with the options you need, instead of using the fully automated setup (by the nature of automated setups, they have to support the most common general case). Todo that, you'll just need to copy HTTP Toolkit's settings into config.js (see the instructions in the README in this repo) and then run your command above, and then all traffic will go to HTTP Toolkit and you can use all the tools there like normal. Does that work for you? |
|
Oh, now I understand why. Thank you for the clarification.
…On Mon, 5 Aug 2024 at 11:50 AM Tim Perry ***@***.***> wrote:
Hmm, interesting. You're talking about HTTP Toolkit's built-in integration
presumably, not these scripts themselves?
Unfortunately intercepting a running app like this is not 100% reliable in
many cases, since there may already be connections open that this won't
catch (and *can't* catch, without resetting all the app's connections
which is complicated and might cause problems in itself). That's the main
reason why it currently restarts the app. There's also various more
specific hooks (particularly for Android cert unpinning) that must be run
before the app starts because they hook class constructors etc, so that
wouldn't work there for those cases too.
If you need a more specific setup like this, I think the easiest option is
to run Frida manually for your case with the options you need, instead of
using the fully automated setup (by the nature of automated setups, they
have to support the most common general case). Todo that, you'll just need
to copy HTTP Toolkit's settings into config.js (see the instructions in the
README in this repo) and then run your command above, and then all traffic
will go to HTTP Toolkit and you can use all the tools there like normal.
Does that work for you?
—
Reply to this email directly, view it on GitHub
<#105 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APDKFQTI6HTXYZGWKWDFM43ZP44FBAVCNFSM6AAAAABL7L2FCCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRYGUYTOOBTGI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***
.com>
|
Hello,
In a lot of cases that we encountered, it was crucial to the Frida injection to be hot reloaded and not being a full restart.
This could be solved by replacing the
-fflag with-pflag:Could we have an update to the application that includes this change? It is really inconvenient to restart the app every time, losing a lot of progress and in our current use-case actually failing the whole process.
The text was updated successfully, but these errors were encountered: