Frida as an Alternative to Network Tracing

Jay Allen
6 min read · May 11, 2021

With network tracing getting harder, Frida is becoming a better way to break into black boxes.

Picture: pixta.jp (used under license)

Recently, a client asked if I could document the network behavior of a suite of mobile applications running on both Android and iOS. I thought at first that this would be straightforward.

The bad news? It was anything but. The good news? I discovered Frida, which let me tackle the problem in a whole other light.

The Black Boxes Are Getting More Opaque

In the good ol’ days of the Web, it was pretty easy to proxy a Web browser through a web debugging proxy like Fiddler or Burp Suite and capture its traffic. And that still works for many situations. However, there are many cases where this either falls short or is impossible.

A major issue is tracing mobile application behavior. To decrypt a mobile app’s encrypted web traffic over HTTPS, you have to get the app you want to trace to sign requests using a security certificate generated by your debugging proxy. On modern devices, this usually means (for Android) rooting your device with something like Magisk or (for iPhone) jailbreaking with an app such as unc0ver.

Even then, however, you still may not be able to get a specific app to use your user certificate. Many apps use a…
