Brida 0.5 released for Hack In Paris 2021!

Hi!

Last Friday my colleague Piergiovanni and I presented the new features of Brida 0.4 and 0.5 at Hack In Paris 2021! We presented two versions because we were supposed to introduce Brida 0.4 during Hack In Paris 2020, but due to the COVID-19 pandemic the conference was postponed to 2021. So, last year we released version 0.4 and then we released version 0.5 for the 2021 edition of the conference.

Brida is a Burp Suite Extension that, acting as a bridge between Burp Suite and Frida, lets you use and manipulate applications’ own methods while tampering the traffic exchanged between the applications and their back-end services/servers. It supports all platforms supported by Frida (Windows, macOS, Linux, iOS, Android, and QNX).

During the presentation we showcased the new features of Brida using two different demos, one for iOS and one for Android. We added the two demos to the Brida repository and in the next days we will also add the Brida plugins that can be used to bypass in-place encryption and signing protections. Thanks to the demo it will be more easy to try all Brida features we use in our everyday work to speed up mobile penetration tests.

One of the biggest improvements of the new versions of Brida is the custom plugin engine, that can be used to graphically create plugins that:

Process requests/responses that pass through every Burp Suite tool, in order to be able to encrypt/decrypt/resign elements of requests and responses using Frida exported functions
Add a custom tab to Burp Suite request/response pane, in order to be able to decrypt/decode/process requests/responses (or portions of them) using Frida exported functions (and then encrypt/encode/process any modifications and replace the original request/response)
Add custom context menu options to invoke Frida exported functions on requests and responses
Add buttons that invoke/enable Frida exported functions

Furthemore, the presence of many different Frida hooks that can be used to bypass and inspect security features speed up the job even further, including SSL Pinning bypass, fingerprint authentication bypass, Crypto inspection and Swift demangle!

Brida and its resources can be found on GitHub:

Brida repository: https://github.com/federicodotta/Brida
Brida releases: https://github.com/federicodotta/Brida/releases
Brida wiki: https://github.com/federicodotta/Brida/wiki
Android demo: https://github.com/federicodotta/Brida/tree/master/Demo/Android
iOS demo: https://github.com/federicodotta/Brida/tree/master/Demo/iOS

When the video and slides of the conference are published by the Hack In Paris crew, we will add a link in the repository.

Cheers!

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Brida 0.5 released for Hack In Paris 2021!

Blog Categories

Tags

Legal and Administrative

www.humanativaspa.it