Patching Android ARM64 library initializers for easy Frida instrumentation and debugging

Intro During both mobile security and mobile resiliency assessments, you often end up instrumenting the application to analyze its internals. By using either Frida or a classical debugger, we can gain valuable insight into the data flows and also modify some data on the fly to make the application behave the way we want it … Continue reading Patching Android ARM64 library initializers for easy Frida instrumentation and debugging →

Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)

Some time ago I wrote some articles on how to Man-In-The-Middle Flutter on iOS, Android (ARM) and Android (ARM64). Those posts were quite popular and I often went back to copy those scripts myself. Last week, however, we received a Flutter application where the script wouldn't work anymore. As we had the source code, it … Continue reading Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning) →