frida
insomnia
frida | insomnia | |
---|---|---|
14 | 225 | |
14,787 | 33,126 | |
1.8% | 0.9% | |
9.2 | 9.7 | |
6 days ago | 7 days ago | |
Meson | JavaScript | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
frida
-
Reversing an Android app API
Frida, uff this is just AMAZING, yes with uppercase and in bold letters. They also has bindings on different languages that can be found in their github repository. Spoiler alert...the Go binding it's pure shit...really couldn't run it. Use just the default that it's installed with pip install frida-tools.
-
Using LD_PRELOAD to cheat, inject features and investigate programs
A great framework for doing something along those lines is Frida (https://github.com/frida/frida). Works on a bunch of stuff, including Android and iOS. Some global-ish certificate pinning bypasses work through Frida, by patching http libraries to not raise exceptions, accept system certificates, etc and just quietly hum along instead. Certificate unpinning in turn enables network MITM with mitmproxy, which makes it a lot quicker and easier to inspect, block, or modify network traffic.
Funnily enough, I've seen much stronger obfuscation from reverse engineering from my cheap Tuya IoT devices app than from my bank app.
-
iOS Application Security And Static Analysis
Install Frida from Github :- https://github.com/frida/frida
-
Have you ever heard of apk.sh? It makes reverse engineering Android apps easier.
// see: https://github.com/frida/frida/issues/382
-
Firefox Android now supports tampermonkey
If anyone needs a "monkey" not for web pages but for any process on your computer system, may I recommend Frida:
https://frida.re
https://github.com/frida/frida
With Frida, you write JavaScript programs and inject them into arbitrary processes, to hook and modify and call whatever you please.
It gets a lot of use in the reverse engineering and vulnerability research communities, but has broader scope too. For instance, I used it recently to automate the UI of a video production program on Windows, by injecting a thread that sends window messages to the main message loop and hooks into various system dialog functions.
- [Request] Tweak to Decrypt iPAs on Palera1n!
-
apk.sh, make reverse engineering Android apps easier!
var android_log_write = new NativeFunction( Module.getExportByName(null, '__android_log_write'), 'int', ['int', 'pointer', 'pointer'] ); var tag = Memory.allocUtf8String("[frida-sript][ax]"); var work = function() { setTimeout(function() { android_log_write(3, tag, Memory.allocUtf8String("ping @ " + Date.now())); work(); }, 1000); } work(); // console.log does not seems to work. see: https://github.com/frida/frida/issues/382 console.log("console.log"); console.error("console.error"); console.warn("WARN"); android_log_write(3, tag, Memory.allocUtf8String(">--(O.o)-<)");
-
How to use Galaxy Watch 4 on "unsupported" Android devices
Go to https://github.com/frida/frida/releases and download the latest frida-server--android-arm64.xz. Extract it and run adb push frida-server--android-arm64 /sdcard/frida-server
- HTTP Toolkit
-
Frida 15 Is Out
It sounds like a kind of black magic:
> ...It’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX.
> ...Frida’s core is written in C and injects QuickJS into the target processes, where your JS gets executed with full access to memory, hooking functions and even calling native functions inside the process.
> There’s a bi-directional communication channel that is used to talk between your app and the JS running inside the target process.
Here's a description of the architecture:
https://frida.re/docs/hacking/
And the source:
https://github.com/frida/frida
---
Apparently using "wxWindows Library Licence, Version 3.1":
> This is essentially the LGPL, with an exception stating that derived works in binary form may be distributed on the user's own terms. This is a solution that satisfies those who wish to produce GPL'ed software using Frida, and also those producing proprietary software.
https://github.com/frida/frida/blob/master/COPYING
insomnia
-
Building a RESTful API with Node.js and Express
Use tools like Postman or Insomnia to test the API endpoints and ensure they behave as expected.
- Ask HN: Alternatives to Postman?
-
Make your Azure OpenAI apps compliant with RBAC
We will be performing all of the authentication requests manually, however for testing purposes, you might want to use an API testing tool such as Postman or Insomnia.
- The Collaborative API Development Platform – Insomnia
-
Local automation
For a very long time, the go-to tool was curl. Great, always available command line tool. Unfortunately, there is one small issue. It’s hard to keep requests and collect them in collections, it’s great for one-time shots or debugging, but for constant working with API could be painful. To solve it, I started working with tools like Postman/Insomnia. Then eh... strange licensing model, or changes which occurred from Kong side click, definitely push me again for some lookup. After checking different very popular tools and those not such well known I decided to use… Ansible. Sounds strange right? Let me explain this decision. For example, look at this code.
-
Tools that Make Me Productive as a Software Engineer
At first, I used Postman for testing APIs because it had a lot of features. But I switched to Insomnia because it was easier to use and kept everything organized. The big problem with Insomnia was that it deleted all my saved work when it made me create an account to keep using it.
-
Different Levels of Project Documentation
Often used for cases where a project exposes a REST or other type of API service. Open API is a popular method of documenting such API services. It can also be used along side tools such as Swagger Codegen to produce boilerplate code for API interaction / testing purposes. There may also be support files for popular API testing tools such as Postman or Insomnia. This makes it easier at a glance to see what data is coming back from a call so the user knows how to handle parsing the data.
-
Web scraping in 10 mins
Well, there is this website that I have been trying to scrape for a few days now. I had tried everything from scrapy splash on docker to almost giving up because I read somewhere that it was JavaScript rendered. Since the source code from the inspect part of the developer tools was different from the source code from the view-source:https//... on the same developer tools.How could this be possible? Then I kept searching on internet and found this concept; where you can mimic web-browsers requests from a server using an API program,and it worked magically. Some of the API programs are postman and insomnia. I prefer using insomnia for this particular case , feel free to use any other API program of your choice.
- Insomnia REST client updated to require signup to use
- GitHub stars are one of the most inexpensive ways to generate an outsized outcome in the community by leveraging the tailwinds of increased adoption
What are some alternatives?
objection - 📱 objection - runtime mobile exploration
Hoppscotch - Open source API development ecosystem.
httptoolkit - HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac :tada: Open an issue here to give feedback or ask for help.
altair - ✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
bloomrpc - Former GUI client for gRPC services. No longer maintained.
Proxyman - Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
Visual Studio Code - Visual Studio Code
frida-ios-hook - A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
swagger-ui - Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
httptoolkit-server - The backend of HTTP Toolkit
httpie - 🥧 HTTPie CLI — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more.