A helper for mobile application analysis
StagMan is a front end for frida (https://awesomeopensource.com/project/frida/frida). It is meant to speed up reverse engineering work with a set of useful frida scripts and to show their results in real time.
yay -S python python-urwid npm python-frida && npm install frida-compile -g && npm install frida-fs -g
After installing the dependencies, simply git clone <URL> and run stagman.py:
    usage: stagman.py [-h] [-a STRING] [-d STRING] [-p STRING [STRING ...]] [-x] [--headless]

    Stagman V.1.0

    optional arguments:
      -h, --help            show this help message and exit
      -a STRING, --application STRING
                            Select the application to spawn
      -d STRING, --device STRING
                            Set the device ID
      -p STRING [STRING ...], --plugins STRING [STRING ...]
                            Set the list of plugins
      -x, --respawn         Auto respawn of the application
      --headless            Start in headless mode
The interface is divided into two main blocks: a main view and a status bar at the bottom. The status bar shows these key bindings:
    h       View the help menu
    r       Run the selected application
    s       Stop the frida hooking
    R       Return to the home page
    x       Toggle the respawning behaviour
    a       Context menu (depends on the current window)
    n       Open a 'notepad'. This creates a file ref.txt, useful for taking notes during the analysis.
    k       Open a terminal. Press ctrl-d to detach from it.
The available plugins are:

TLS Connection: this plugin hooks the TLS_Write functions, so the TLS traffic can be intercepted before encryption and without using a proxy. Keys:

    e       Export the selected packet
    E       Export all the packets in PCAP format

Low Level Network: this plugin hooks the low-level network functions (socket, recv, sendmsg, etc.) and allows intercepting traffic at a lower level. IPC traffic over unix domain sockets is captured as well. It is a bit heavy, so I suggest stopping the hooking before the analysis.

File open: this plugin hooks the open system call, so the opened files can be seen. Thanks to frida-fs the file can be downloaded for an offline analysis. Keys:

    e       Export the selected file
    E       Export all the files
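The TLS Connection plugin's "E" key writes the plaintext it intercepted into a PCAP file. The following is an added example, not StagMan's own code, of what such an export involves: the hook only sees the plaintext handed to TLS_Write (or returned from the read side), so the exporter has to wrap each chunk in synthetic Ethernet/IPv4/TCP headers with valid checksums and consistent sequence numbers before Wireshark can reassemble it as a stream. The record shape ({"fd", "direction", "data"}), the sample HTTP exchange and the placeholder addresses 10.0.0.1/10.0.0.2 are all constructed assumptions; a small reader walks the file back to verify the result.

```python
"""Wrap plaintext captured by a TLS_Write-style hook into a PCAP file.

Added example; the message format and addresses are assumptions, not
StagMan's real ones.
"""
import struct
import time

PCAP_MAGIC = 0xA1B2C3D4   # standard pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1

# Constructed sample of what a TLS write/read hook could send() to the host:
# plaintext per file descriptor plus the direction of the call.
SAMPLE_RECORDS = [
    {"fd": 42, "direction": "out",
     "data": b"GET /api/v1/me HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"fd": 42, "direction": "in",
     "data": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"},
]

# Synthetic endpoints: the hook sees plaintext, not socket addresses, so the
# capture uses fixed placeholder IPs/ports and lets Wireshark do reassembly.
APP_ADDR = ("10.0.0.2", 50000)
SRV_ADDR = ("10.0.0.1", 443)


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes, src, dst, seq: int, ack: int) -> bytes:
    """Wrap payload in Ethernet/IPv4/TCP headers with valid checksums."""
    src_ip = bytes(int(o) for o in src[0].split("."))
    dst_ip = bytes(int(o) for o in dst[0].split("."))
    tcp_len = 20 + len(payload)
    # TCP header with PSH|ACK; checksum covers the IPv4 pseudo-header too.
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, ack,
                      5 << 4, 0x18, 65535, 0, 0)
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", _checksum(pseudo + tcp + payload)) + tcp[18:]
    # IPv4 header: 20 bytes, DF set, TTL 64, protocol 6 (TCP).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0x4000,
                     64, 6, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    return eth + ip + tcp + payload


def records_to_pcap(records, app=APP_ADDR, srv=SRV_ADDR, ts=None) -> bytes:
    """Emit a pcap file; sequence numbers advance per fd so streams reassemble."""
    ts = time.time() if ts is None else ts
    out = bytearray(struct.pack("!IHHiIII", PCAP_MAGIC, 2, 4, 0, 0,
                                65535, LINKTYPE_ETHERNET))
    state = {}  # fd -> next sequence number for each direction
    for i, rec in enumerate(records):
        seqs = state.setdefault(rec["fd"], {"out": 1, "in": 1})
        d = rec["direction"]
        if d not in ("out", "in"):
            raise ValueError("direction must be 'out' or 'in'")
        src, dst = (app, srv) if d == "out" else (srv, app)
        other = "in" if d == "out" else "out"
        frame = build_frame(rec["data"], src, dst, seqs[d], seqs[other])
        seqs[d] += len(rec["data"])
        sec, usec = int(ts) + i, 0   # constructed timestamps, one second apart
        out += struct.pack("!IIII", sec, usec, len(frame), len(frame))
        out += frame
    return bytes(out)


def read_payloads(pcap: bytes):
    """Walk the pcap back, verify each IPv4 checksum and return
    (sport, dport, payload) per packet."""
    magic, = struct.unpack("!I", pcap[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("not a big-endian pcap file")
    pos, result = 24, []
    while pos < len(pcap):
        _, _, incl, _ = struct.unpack("!IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        ip = frame[14:34]
        if _checksum(ip) != 0:      # a correct header sums to zero
            raise ValueError("bad IPv4 checksum")
        total_len = struct.unpack("!H", ip[2:4])[0]
        tcp = frame[34:34 + total_len - 20]
        sport, dport = struct.unpack("!HH", tcp[:4])
        result.append((sport, dport, tcp[20:]))
    return result


if __name__ == "__main__":
    data = records_to_pcap(SAMPLE_RECORDS)
    with open("tls_plaintext.pcap", "wb") as f:
        f.write(data)
    for sport, dport, payload in read_payloads(data):
        print(sport, "->", dport, payload[:40])
```

Because the plaintext never had a TCP handshake in the capture, the sequence numbers start at 1 on both sides and only advance by the bytes written; that is enough for Wireshark's "Follow TCP Stream" to show the request and response in order, which is the point of exporting to PCAP rather than to a flat text dump.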
Without arguments the application starts in GUI mode. The home page lets you select the device on which frida-server is running and then, after the selection, one of the listed applications.
A lot of things remain to be done; any help would be appreciated. Roadmap: