Frida Script Runner

Powerful web-based toolkit for Android & iOS penetration testing and mobile security analysis

v2.0.0 | Android & iOS | AI-Powered | Open Source

Overview

Frida Script Runner is a comprehensive web-based toolkit designed to simplify mobile application security analysis and penetration testing for both Android and iOS platforms. It provides a user-friendly interface through Flask to enhance the efficiency of security testing tasks.

What is Frida Script Runner?

This tool simplifies the process of interacting with Frida, a dynamic instrumentation toolkit. It features AI-powered script generation through Codex CLI integration with MCP (Model Context Protocol) servers for advanced binary analysis, making it easier than ever to analyze, manipulate, and interact with mobile applications.

Key Capabilities

Script Execution

Execute custom Frida scripts on Android and iOS applications with real-time output monitoring.

AI Script Generation

Generate Frida scripts automatically using AI with advanced prompt engineering and binary analysis.

APK/IPA Extraction

Dump APK (Android) and IPA (iOS) files directly from connected devices.

Security Analysis

Detect SSL pinning, bypass root/jailbreak detection, and analyze app security.

Features

Core Functionality

Run Frida Scripts

Execute custom Frida scripts on selected mobile applications to analyze and manipulate their behavior. Both Android and iOS are supported, with real-time monitoring of script execution.

  • Select from pre-built bypass scripts
  • Run custom scripts via text input
  • Real-time output streaming
  • Frida REPL command support

Real-time Output

View real-time output generated by the Frida process, allowing instant feedback on script execution. Monitor logs, errors, and script results as they happen.

  • Live log streaming
  • Separate FSR and Frida logs
  • Terminal-style interface
  • Clear and filter capabilities

Script Organization

Organize Frida scripts into different directories for efficient management and easy selection. Separate directories for Android and iOS scripts.

  • Script Directory 1: Android scripts
  • Script Directory 2: iOS scripts
  • JSON-based script metadata
  • Searchable script list

Custom Scripting

Easily create and run custom Frida scripts by copy-pasting the script code directly into the tool. No need to save files - just paste and run.

  • Direct script input
  • Frida Codeshare integration
  • Script validation
  • Auto-fix capabilities

AI-Powered Script Generation

Advanced AI Integration

Generate Frida scripts automatically using natural language prompts. The AI system uses Codex CLI with MCP (Model Context Protocol) servers for real-time binary analysis and reverse engineering.

Codex CLI Integration

Generate Frida scripts using the Codex CLI with advanced prompt engineering. The system understands your requirements and generates optimized scripts automatically.

  • Natural language prompts
  • Context-aware generation
  • Multi-turn conversations
  • Prompt refinement tools

MCP Server Support

Access Ghidra and JADX MCP servers for real-time binary analysis and reverse engineering. Get accurate function names, addresses, and binary structure information.

  • Ghidra MCP Server integration
  • JADX MCP Server for APK analysis
  • Real-time binary analysis
  • Function signature extraction

Frida API Compatibility

AI-generated scripts use only compatible functions from the official Frida JavaScript API. This ensures scripts work correctly with your Frida version.

  • Official API compliance
  • Version compatibility checks
  • Error handling included
  • Best practices enforced

ARM Android Optimization

Scripts are specifically optimized for ARM Android devices with proper stability patterns. They include ARM-specific error handling and memory management.

  • ARM architecture support
  • Stability patterns included
  • Memory leak prevention
  • Performance optimization

Interactive Script Tester

Test and refine your prompts with the built-in Codex Bridge web interface. Accessible at http://localhost:8091 when the bridge is running.

  • Web-based testing interface
  • Real-time script generation
  • Prompt history and refinement
  • Export generated scripts

Application Management

Dump APK/IPA From Device

Extract APK (Android) or IPA (iOS) files from connected devices by selecting installed packages. Supports both regular and split APKs.

  • Android APK extraction
  • iOS IPA decryption and extraction
  • Split APK support (downloads as ZIP)
  • Custom filename options

Searchable Package List

Quickly find target applications via live search functionality in the package selector. Real-time filtering as you type.

  • Live search filtering
  • Package name matching
  • Quick refresh capability
  • Device-specific packages

Custom Filename Option

Define a custom name for the dumped APK/IPA instead of using the default package name. This makes organization easier when working with multiple versions.

  • Custom naming for APKs
  • Custom naming for IPAs
  • Version tracking support
  • Organized downloads

Install APK to Device

Upload and install an APK file directly onto an Android device with a single click. Progress tracking and status updates are included.

  • Direct APK installation
  • Upload progress tracking
  • Installation status feedback
  • Error handling and reporting

Advanced Tools

Frida Server Management

Manage Frida server installation and execution directly from the web interface. Start, stop, and monitor Frida server status for connected devices.

  • Auto-detect Frida server
  • Start/stop server controls
  • Version checking
  • Force download option

Frida Gadget Manager

Inject Frida Gadget into APK files for runtime instrumentation without root/jailbreak. Manage gadget versions and architectures.

  • APK injection support
  • Multiple architecture support
  • Gadget version management
  • Cache management

SSL Pinning Detector

Detect SSL pinning implementations in Android APKs. Analyze uploaded APKs or installed packages to identify SSL pinning mechanisms.

  • APK upload analysis
  • Package-based analysis
  • Multiple detection methods
  • Detailed reporting

Mobile Proxy

Configure Android device HTTP proxy settings via ADB. Set or clear global HTTP proxy for network traffic interception.

  • HTTP proxy configuration
  • ADB-based setup
  • Clear proxy option
  • Quick configuration
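
What setting and clearing the global proxy over ADB amounts to, as an added Python example that is not the project's code: it uses the standard `settings put global http_proxy` command, validates the endpoint, and puts the previous value back when the test ends so the device is not left pointing at a dead proxy. The helper names are this example's own; `:0` is the value that clears the proxy.

```python
import re
import subprocess
from contextlib import contextmanager

# adb joins its arguments into one command line for the device shell, so the
# proxy value is validated before it is passed on.
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
ENDPOINT_RE = re.compile(r"[A-Za-z0-9.-]+:\d{1,5}")


def adb_settings(args, serial=None, run=subprocess.run):
    """Run `adb [-s serial] shell settings <args>` and return its stdout."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + ["shell", "settings"] + args
    return run(cmd, capture_output=True, text=True, check=True).stdout.strip()


def proxy_value(host, port):
    """Return 'host:port' after validation, or raise ValueError."""
    if not HOST_RE.fullmatch(host) or not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid proxy endpoint: {host!r}:{port!r}")
    return f"{host}:{int(port)}"


@contextmanager
def device_http_proxy(host, port, serial=None, run=subprocess.run):
    """Set the global HTTP proxy for the duration of a test, then restore it."""
    value = proxy_value(host, port)
    previous = adb_settings(["get", "global", "http_proxy"], serial, run)
    adb_settings(["put", "global", "http_proxy", value], serial, run)
    try:
        yield previous
    finally:
        # Restore a previous host:port; 'null', '' or anything else becomes
        # ':0', which clears the proxy.
        restore = previous if ENDPOINT_RE.fullmatch(previous) else ":0"
        adb_settings(["put", "global", "http_proxy", restore], serial, run)
```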

Frida Codeshare Integration

Search and import Frida scripts from the Frida Codeshare repository. Access thousands of community-contributed scripts.

  • Search Codeshare scripts
  • Import directly to editor
  • Script preview
  • Community scripts access

ADB GUI

Graphical interface for ADB commands. Execute common ADB operations through a user-friendly web interface.

  • Device management
  • Command execution
  • File operations
  • Log viewing

Pre-built Script Library

The tool includes an extensive library of pre-built Frida scripts for common security testing scenarios:

Android Scripts
  • SSL Pinning Bypass
  • Root Detection Bypass
  • OkHttp SSL Bypass
  • Flutter TLS Disable
  • Emulator Bypass
  • Biometric Bypass
  • PIN Bypass

iOS Scripts
  • Jailbreak Detection Bypass
  • SSL Pinning Bypass
  • TrustKit Bypass
  • Flutter Bypass
  • Biometric Bypass
  • AFNetwork SSL Bypass

Installation

Prerequisites

Required Software
  • Python 3.11.x (required)
  • Flask (web framework)
  • Frida (instrumentation toolkit)
  • ADB (for Android)
  • ideviceinfo (for iOS)

AI Features (Optional)
  • Codex CLI (for AI script generation)
  • Ghidra MCP Server (binary analysis)
  • JADX MCP Server (APK analysis)

Device Requirements

Important Requirements
  • Android: Root access required for Frida server installation
  • iOS: Jailbroken device with Frida installed via Cydia/Sileo/Zebra

Method 1: Native Installation

# Clone the repository
git clone https://github.com/z3n70/Frida-Script-Runner.git
cd Frida-Script-Runner

# Install dependencies
pip3 install -r requirements.txt

# Run the application
python3.11 frida_script.py

# Access the web interface
# http://127.0.0.1:5000

Method 2: Docker Installation

# Build and run with Docker Compose
docker-compose up --build

# Start Codex Bridge (for AI features)
# On host machine (Windows/Linux/macOS)
python codex-bridge.py

# Access the applications
# Frida Script Runner: http://localhost:5000
# Codex Bridge Tester: http://localhost:8091
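
The URLs above assume both services are reachable only from the local machine. Because the web interface runs Frida scripts and ADB commands against attached devices, that is worth verifying, and a Docker port mapping without a host address publishes on all interfaces. The check below is an added example, not part of the project: it parses `ss -ltn` output (a constructed sample is embedded) and reports listeners on ports 5000 and 8091 that are not bound to loopback; the function names are this example's own.

```python
import ipaddress

# Ports named on this page: Flask web interface and Codex Bridge tester.
FSR_PORTS = {5000: "Frida Script Runner", 8091: "Codex Bridge Tester"}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:5000      0.0.0.0:*
LISTEN 0      4096         0.0.0.0:8091      0.0.0.0:*
LISTEN 0      4096            [::]:5000         [::]:*
LISTEN 0      128        127.0.0.1:5037      0.0.0.0:*
"""


def is_loopback(host):
    """True only for addresses in 127.0.0.0/8 or ::1."""
    host = host.strip("[]").split("%")[0]   # drop brackets and zone id
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                        # '*' or unparseable: not loopback


def exposed_listeners(ss_output, ports=FSR_PORTS):
    """Return sorted (port, bind address, service) for non-loopback listeners."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                        # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in ports and not is_loopback(host):
            findings.add((int(port), host.strip("[]"), ports[int(port)]))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, name in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{name}: port {port} is listening on {addr}, not loopback only")
```

On a real host, pass the output of `ss -ltn` to `exposed_listeners` in place of the sample; an empty result means both ports are loopback-only or not listening.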

AI Setup (Optional)

If you want to use AI-powered script generation:

  1. Install Codex CLI: Follow the Codex CLI setup guide
  2. Configure MCP Servers:
    • Set up Ghidra MCP server for binary analysis
    • Configure JADX MCP server for APK analysis
    • Update paths in codex-bridge.py if needed
    • Copy .config.toml.example to .config.toml and adjust MCP server paths

Usage Guide

Basic Usage

1. Device Setup
  • Connect your USB device and enable USB debugging (Android) or trust the computer (iOS)
  • For Android: Ensure device is rooted and Frida server is installed
  • For iOS: Ensure device is jailbroken with Frida installed via Cydia/Sileo/Zebra
  • Start Frida server from the web interface if needed

2. Run Scripts
  1. Open the web interface at http://127.0.0.1:5000
  2. Select the target package from the dropdown
  3. Choose a pre-built script or enter custom script code
  4. Click "Run Frida" to start the Frida process
  5. View real-time output in the output container

3. Script Management
  • Android scripts: Place in scripts/Script Directory 1/
  • iOS scripts: Place in scripts/Script Directory 2/
  • See static/data/script.json for structure and naming conventions

AI-Powered Script Generation

Using the Web Interface
  1. Navigate to the main interface
  2. Select "Auto Generate Script" from the script dropdown
  3. Enter your request in natural language (e.g., "Hook the login function and log parameters")
  4. Click "Generate Script" to create a custom Frida script
  5. Review and run the generated script

Example Prompts
  • "Intercept SSL pinning bypass for Android app"
  • "Hook Java method com.example.App.authenticate and modify return value"
  • "Monitor file operations and log file paths"
  • "Hook the main function and log all parameters"
  • "Bypass root detection in RootBeer library"
  • "Hook native function strcmp in libc.so"

Advanced Features

Binary Analysis

AI can access Ghidra/JADX data for accurate function names and addresses, making script generation more precise.

Auto-Fix

Scripts automatically include ARM stability patterns and error handling for better reliability.

Real-time Analysis

MCP servers provide live binary analysis during script generation, ensuring up-to-date information.

Architecture

┌─────────────────────┐    ┌─────────────────────┐    ┌─────────────────────┐
│   Web Interface     │    │  Codex Bridge       │    │   MCP Servers       │
│   (Flask App)       │◄───┤  (AI Integration)   │◄───┤  (Binary Analysis)  │
│                     │    │                     │    │                     │
│ • Script Runner     │    │ • Codex CLI Proxy   │    │ • Ghidra Server     │
│ • Package Manager   │    │ • Prompt Engineering│    │ • JADX Server       │
│ • Real-time Output  │    │ • MCP Client        │    │ • Function Analysis │
└─────────────────────┘    └─────────────────────┘    └─────────────────────┘
           │
           ▼
┌─────────────────────┐    ┌─────────────────────┐
│   Frida Runtime     │    │   Mobile Device     │
│                     │◄───┤                     │
│ • Script Execution  │    │ • Android (rooted)  │
│ • Instrumentation   │    │ • iOS (jailbroken)  │
│ • Memory Analysis   │    │ • Running Apps      │
└─────────────────────┘    └─────────────────────┘

The architecture consists of four main components:

  1. Web Interface (Flask App): Provides the user interface and handles HTTP requests
  2. Codex Bridge: Acts as a proxy between the web interface and Codex CLI, handling AI script generation
  3. MCP Servers: Provide binary analysis capabilities through Ghidra and JADX integrations
  4. Frida Runtime: Executes scripts on connected mobile devices

Contributing

Contributions are welcome! Here's how you can help:

  1. Fork the repository and create a feature branch
  2. Test thoroughly on both Android and iOS devices
  3. Document new features in README and code comments
  4. Follow coding standards and maintain compatibility
  5. Submit pull requests with clear descriptions

Contact the maintainer: @zenalarifin_

License

This project is licensed under the MIT License - see the LICENSE file for details.