frida
tampermonkey
frida | tampermonkey | |
---|---|---|
14 | 26 | |
14,787 | 3,898 | |
1.8% | 2.2% | |
9.2 | 0.0 | |
5 days ago | about 2 months ago | |
Meson | JavaScript | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
frida
-
Reversing an Android app API
Frida, uff this is just AMAZING, yes with uppercase and in bold letters. They also has bindings on different languages that can be found in their github repository. Spoiler alert...the Go binding it's pure shit...really couldn't run it. Use just the default that it's installed with pip install frida-tools.
-
Using LD_PRELOAD to cheat, inject features and investigate programs
A great framework for doing something along those lines is Frida (https://github.com/frida/frida). Works on a bunch of stuff, including Android and iOS. Some global-ish certificate pinning bypasses work through Frida, by patching http libraries to not raise exceptions, accept system certificates, etc and just quietly hum along instead. Certificate unpinning in turn enables network MITM with mitmproxy, which makes it a lot quicker and easier to inspect, block, or modify network traffic.
Funnily enough, I've seen much stronger obfuscation from reverse engineering from my cheap Tuya IoT devices app than from my bank app.
-
iOS Application Security And Static Analysis
Install Frida from Github :- https://github.com/frida/frida
-
Have you ever heard of apk.sh? It makes reverse engineering Android apps easier.
// see: https://github.com/frida/frida/issues/382
-
Firefox Android now supports tampermonkey
If anyone needs a "monkey" not for web pages but for any process on your computer system, may I recommend Frida:
https://frida.re
https://github.com/frida/frida
With Frida, you write JavaScript programs and inject them into arbitrary processes, to hook and modify and call whatever you please.
It gets a lot of use in the reverse engineering and vulnerability research communities, but has broader scope too. For instance, I used it recently to automate the UI of a video production program on Windows, by injecting a thread that sends window messages to the main message loop and hooks into various system dialog functions.
- [Request] Tweak to Decrypt iPAs on Palera1n!
-
apk.sh, make reverse engineering Android apps easier!
var android_log_write = new NativeFunction( Module.getExportByName(null, '__android_log_write'), 'int', ['int', 'pointer', 'pointer'] ); var tag = Memory.allocUtf8String("[frida-sript][ax]"); var work = function() { setTimeout(function() { android_log_write(3, tag, Memory.allocUtf8String("ping @ " + Date.now())); work(); }, 1000); } work(); // console.log does not seems to work. see: https://github.com/frida/frida/issues/382 console.log("console.log"); console.error("console.error"); console.warn("WARN"); android_log_write(3, tag, Memory.allocUtf8String(">--(O.o)-<)");
-
How to use Galaxy Watch 4 on "unsupported" Android devices
Go to https://github.com/frida/frida/releases and download the latest frida-server--android-arm64.xz. Extract it and run adb push frida-server--android-arm64 /sdcard/frida-server
- HTTP Toolkit
-
Frida 15 Is Out
It sounds like a kind of black magic:
> ...It’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX.
> ...Frida’s core is written in C and injects QuickJS into the target processes, where your JS gets executed with full access to memory, hooking functions and even calling native functions inside the process.
> There’s a bi-directional communication channel that is used to talk between your app and the JS running inside the target process.
Here's a description of the architecture:
https://frida.re/docs/hacking/
And the source:
https://github.com/frida/frida
---
Apparently using "wxWindows Library Licence, Version 3.1":
> This is essentially the LGPL, with an exception stating that derived works in binary form may be distributed on the user's own terms. This is a solution that satisfies those who wish to produce GPL'ed software using Frida, and also those producing proprietary software.
https://github.com/frida/frida/blob/master/COPYING
tampermonkey
-
Show HN: Sniper: A Manifest V3 web extension for dynamic user specified actions
This extension makes use of JS computed property names to perform user specified dynamic actions on user specified elements.
I started working on an extension primarily for my own very specific use case. I knew of Tampermonkey and it's relatives before, but hadn't used it extensively. I also was following the news of MV3, so wasn't sure of their long term viability. But more than anything having recently got into frontend development I also just wanted to build an extension myself, getting to understand the newer limitation and alternatives was just a bonus point.
Literally a couple of days ago I got to know (From HN nonetheless https://news.ycombinator.com/item?id=38526277) that userscripts are going to be allowed in MV3 too, so I finally decided to actually check out ViolentMonkey, which is pretty neat, but from the looks of it would have to migrate to `chrome.userScripts.register` which would eventually require `userScripts` permission and with it would need [developer mode enabled](https://developer.chrome.com/docs/extensions/reference/api/u...). While browsing through the subsequent discussions I saw there were many other alternatives for dynamic script execution, from creating and the dynamic code to `` tags to using `evaljs`, but I wasn't aware of them while building this (see for ex: <a href="https://news.ycombinator.com/item?id=31425256">https://news.ycombinator.com/item?id=31425256</a> and <a href="https://github.com/Tampermonkey/tampermonkey/issues/644#issuecomment-857838249">https://github.com/Tampermonkey/tampermonkey/issues/644#issu...</a>) (and tbf it wan't even my goal to get full JS execution in my extension).<p>Long term my goal was to build a small JSON config for the actions needed and parse and apply them to have the desired behavior. I also was planning on exposing some extension only behavior (like tab functionality) via message passing with service workers (The config could be something like
-
If your Firefox suddenly started to hang or become extremely slow today, check if you have tampermonkey 5.0. Disable it for now as it seems to be the culprit.
Do you use "Never Remember History"? There are bug reports about it. Fix is soon to be released.
-
Ever since today my browser stopped working
Yes, I'm having the exact same problem. It was updated on Nov. 30 and I can't find a way to downgrade back to the last version. There's been several issues posted on the tampermonkey github recently but I don't have enough technical knowledge to know if any of those issues applies to this problem. And just like you, I can't even see my scripts to move them to a different script manager.
-
Tampermonkey: Dev Mode will become mandatory for running userscripts in Chromium
I have no damn idea why Tampermonkey, which as very best I can tell is closed source <https://github.com/Tampermonkey/tampermonkey/blob/master/REA...>, is on the "blessed" Firefox for Android list when Violentmonkey <https://github.com/violentmonkey/violentmonkey#readme> is MIT, although I readily admit doesn't it have a "politically correct" name
-
How can I create a self hosted tampermonkey?
I use it a lot and it used to be on github until version 2.9. I guess I could use that but wondering if there are some other nice selfhosted versions where I can easily modify my Chrome webpages that I should consider.
-
umm..."Introducing Tam, your helpful assistant", Tampermonkey's v4.19 opt-out (should be opt-in) 'feature'. Thoughts?
I want to chime on that as it's worth noting that Tampermonkey is no longer open source. I mean it's like that for years - its GitHub repo clearly stands it's just an archive version and commits there date back to 2018. Here's one of the first posts when author went proprietary license and started gaining data (with his comment btw) and technically there's also Security section in FAQ and full Privacy Policy. Also FWIK website is the only place you get info about changes - highlighting that to stop looking for insights on GitHub.
-
Tampermonkey extension
If you can't the answers you're looking for in the Tampermonkey FAQ, you can ask them in the official Tampermonkey support forum.
-
Weird cookie behavior
Tampermonkey devs have implemented it but didn't release it yet and Violentmonkey devs don't want to implement it, so I guess I'm not fixing this issue anytime soon.
-
badfilter with dynamic filters?
Specific case: uBlock Origin seems to block TamperMonkey from either injecting or running my userscript. (See https://github.com/Tampermonkey/tampermonkey/issues/1709 ) I was thinking it might be one of the above rules but I can't really get much out of the logger, and trying to disable those rules doesn't work. Does anyone have an idea on how to progress?
-
Firefox Android now supports tampermonkey
https://github.com/Tampermonkey/tampermonkey/blob/master/COP...
this says GPL so unless they update their license file here, this stays
What are some alternatives?
objection - 📱 objection - runtime mobile exploration
violentmonkey - Violentmonkey provides userscripts support for browsers. It works on browsers with WebExtensions support.
httptoolkit - HTTP Toolkit is a beautiful & open-source tool for debugging, testing and building with HTTP(S) on Windows, Linux & Mac :tada: Open an issue here to give feedback or ask for help.
uBlock - uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
json-rules-engine - A rules engine expressed in JSON
Proxyman - Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
chrome-extensions-samples - Chrome Extensions Samples
frida-ios-hook - A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform
browser_extension - A browser extension that redirects popular sites to alternative privacy friendly frontends
httptoolkit-server - The backend of HTTP Toolkit
libredirect - A browser extension that redirects popular sites to alternative privacy friendly frontends [Moved to: https://github.com/libredirect/browser_extension]