首页
论坛
课程
招聘
[转帖]Brida 0.5 released for Hack In Paris 2021
2021-11-24 20:32 2242

[转帖]Brida 0.5 released for Hack In Paris 2021

2021-11-24 20:32
2242

Brida 0.5 released for Hack In Paris 2021


Last Friday my colleague Piergiovanni and I presented the new features of Brida 0.4 and 0.5 at Hack In Paris 2021! We presented two versions because we were supposed to introduce Brida 0.4 during Hack In Paris 2020, but due to the COVID-19 pandemic the conference was postponed to 2021. So, last year we released version 0.4 and then we released version 0.5 for the 2021 edition of the conference.


Brida is a Burp Suite Extension that, acting as a bridge between Burp Suite and Frida, lets you use and manipulate applications’ own methods while tampering the traffic exchanged between the applications and their back-end services/servers. It supports all platforms supported by Frida (Windows, macOS, Linux, iOS, Android, and QNX).


During the presentation we showcased the new features of Brida using two different demos, one for iOS and one for Android. We added the two demos to the Brida repository and in the next days we will also add the Brida plugins that can be used to bypass in-place encryption and signing protections. Thanks to the demo it will be more easy to try all Brida features we use in our everyday work to speed up mobile penetration tests.


One of the biggest improvements of the new versions of Brida is the custom plugin engine, that can be used to graphically create plugins that:


Process requests/responses that pass through every Burp Suite tool, in order to be able to encrypt/decrypt/resign elements of requests and responses using Frida exported functions

Add a custom tab to Burp Suite request/response pane, in order to be able to decrypt/decode/process requests/responses (or portions of them) using Frida exported functions (and then encrypt/encode/process any modifications and replace the original request/response)

Add custom context menu options to invoke Frida exported functions on requests and responses

Add buttons that invoke/enable Frida exported functions

Furthemore, the presence of many different Frida hooks that can be used to bypass and inspect security features speed up the job even further, including SSL Pinning bypass, fingerprint authentication bypass, Crypto inspection and Swift demangle!


Brida and its resources can be found on GitHub:


Brida repository: https://github.com/federicodotta/Brida

Brida releases: https://github.com/federicodotta/Brida/releases

Brida wiki: https://github.com/federicodotta/Brida/wiki

Android demo: https://github.com/federicodotta/Brida/tree/master/Demo/Android

iOS demo: https://github.com/federicodotta/Brida/tree/master/Demo/iOS

When the video and slides of the conference are published by the Hack In Paris crew, we will add a link in the repository.


https://security.humanativaspa.it/brida-0-5-released-for-hack-in-paris-2021/



【公告】看雪团队招聘安全工程师,将兴趣和工作融合在一起!看雪20年安全圈的口碑,助你快速成长!

收藏
点赞0
打赏
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回