Runtime mobile application instrumentation toolkit powered by Frida.
Platform support: Android (via ADB). iOS is architecturally supported but not yet wired up.
- Traffic interception — MITM proxy with automatic CA cert install and device proxy config via ADB. Captures full request/response data, stored in SQLite
- Intercept mode — Pause in-flight HTTP requests, edit method/URL/headers/body in the UI, then forward modified, forward original, or drop. Supports glob-based match rules (host, path, method, content type). Paused requests auto-forward after 60s to prevent app hangs
- SSL unpinning — Hooks native SSL libraries (BoringSSL, Flutter, Cronet, Conscrypt, libcurl) and Java TrustManager to bypass certificate pinning
- Sessions — Attach to any app by bundle ID, resume past sessions, view history. Cleans up device state on detach
- Logcat — Streams and stores device logs per session
- AI analyst — Embedded LLM chat with tool access to captured traffic, logs, and intercepted requests. Can autonomously modify and forward paused requests to test authorization bypasses
- Web UI — Embedded React SPA with network inspector, request editor, logcat viewer, process list, and AI chat
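The intercept-mode behaviour listed above (glob match rules plus auto-forward of paused requests on timeout), sketched as an added example; this is not the project's own code. The names `Rule`, `Request`, `Decision` and `Await` are hypothetical, and using Go's `path.Match` as the glob engine is an assumption, since the page does not say which glob syntax the tool uses.

```go
package main

import (
	"fmt"
	"path"
	"time"
)

// Rule is a hypothetical match rule; an empty field matches anything.
type Rule struct{ Host, Path, Method, ContentType string }
type Request struct{ Host, Path, Method, ContentType string }

type Decision int
const (
	ForwardOriginal Decision = iota
	ForwardModified
	Drop
)

// glob uses path.Match: '*' does not cross '/', and a malformed
// pattern never matches (so a bad rule never pauses traffic).
func glob(pattern, s string) bool {
	if pattern == "" {
		return true
	}
	ok, err := path.Match(pattern, s)
	return err == nil && ok
}

// Matches reports whether every non-empty field of the rule matches.
func (r Rule) Matches(q Request) bool {
	return glob(r.Host, q.Host) && glob(r.Path, q.Path) &&
		glob(r.Method, q.Method) && glob(r.ContentType, q.ContentType)
}

// Await blocks a paused request until an operator decision arrives; on
// timeout the original is forwarded so the app does not hang.
func Await(decisions <-chan Decision, timeout time.Duration) Decision {
	select {
	case d := <-decisions:
		return d
	case <-time.After(timeout):
		return ForwardOriginal
	}
}

func main() {
	rule := Rule{Host: "*.example.test", Path: "/api/*", Method: "POST"}
	q := Request{"api.example.test", "/api/login", "POST", "application/json"} // constructed
	fmt.Println(rule.Matches(q), Await(make(chan Decision), 50*time.Millisecond))
}
```

The page gives the timeout as 60s; the sample run uses 50ms so it finishes quickly.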
React UI ←── HTTP/WS ──→ Go Server ←── Unix Socket ──→ Deno Sidecar ←── Frida ──→ Device
│
SQLite
- Go 1.22+, Deno 2.x, Bun
- adb in $PATH
- Rooted Android device or emulator
make install # install deps
make dev # dev mode with hot reload
make build # production binary
Server runs at http://localhost:8080.