basis

pip install frida-tools # CLI tools
pip install frida # Python bindings
pip install objection
frida-ps -U
objection: memory list modules

tcpdump

tcpdump -i any -s 0 -w /sdcard/capture.pcap

sslkey with wireshark

frida -U -f com.twitter.android -l ./sslkeyfilelog.js --no-pause
filter in wireshark: (http.request or tls.handshake.type eq 1) and !(ssdp)

disable ssl pinning

objection --gadget "com.twitter.android" explore

- android sslpinning disable  
- ios sslpinning disable  

frida --codeshare machoreverser/ios12-ssl-bypass -f com.ss.iphone.ugc.Aweme -U
frida -U --no-pause -f com.ss.iphone.ugc.Aweme -l ssl.js

frida-ios-dump

win env:

- download & place zip from http://stahlworks.com/dev/index.php?tool=zipunzip  
- comment "chmod" call  

py -3 dump.py -l
py -3 dump.py -H 192.168.3.129 -p 22 "Aipo"

url dump

frida-trace -U -f identifiers.home1.huanjing6id -m "+[NSURL URLWithString:]"
show url: edit in handlers add log(ObjC.Object(args[2]))

socket dump

frida-trace -U -f identifiers.home1.huanjing6id -m "-[GCDAsyncSocket connectToHost:onPort:viaInterface:withTimeout:error:]"  
frida-trace -U -f identifiers.home1.huanjing6id -m "-[GCDAsyncSocket writeData:withTimeout:tag:]"  
hook all methods in class: frida-trace -U -f identifiers.home1.huanjing6id -m "*[GCDAsyncSocket *]"   
frida-trace -U -f identifiers.home1.huanjing6id -i "*SSL_write*"  
show host/data: edit in handlers add log(ObjC.Object(args[X]))  
show callstack:  
>var threadClass = ObjC.classes.NSThread  
>var symbols = threadClass["+ callStackSymbols"]()  
>console.log(symbols)  
OR:  
>console.log('\tBacktrace:\n\t' + Thread.backtrace(this.context,Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join('\n\t'));  

socket dump

objection --gadget "Aipo" explore

- ios hooking search classes socket  

generate hook.txt: ios hooking watch class XXX
objection --gadget "Aipo" explore -c hook.txt

- ios hooking watch method "XXX" --dump-args --dump-backtrace --dump-return