After quite a lot of hours of work, Brida 0.4 is finally out!
Brida 0.4 should have been presented at Hack In Paris 2020 but, due to the postponement of the conference for the COVID-19 global situation, the tool in being released before the conference (but we will still present it to Hack In Paris 2020 in February 2021).
Brida 0.4 speeds up further the dynamic analysis process with the introduction of the following features:
- Many Frida hooks for common tasks have been included, directly callable from the GUI of the tool with a click of the mouse! These scripts include the most recent hooks for Android and iOS platforms to bypass and inspect security features
- A new highly customizable engine will allow to graphically create custom plugins to:
- Process requests/responses that pass through every Burp Suite tool, in order to be able to encrypt/decrypt/resign elements of requests and responses using Frida exported functions
- Add custom tab to Burp Suite request/response pane, in order to be able to decrypt/decode/process requests/responses (or portions of them) using Frida exported functions (and then encrypt/encode/process modifications and replacing the original request/response, as needed)
- Add custom context menu options to invoke Frida exported functions on requests and responses
- Add buttons that invoke/enable Frida exported functions
- Fully compatible with Burp 2.X and Python 3, with options to attach/detach and to inspect local processes
- Support for frida-compile, in order to move Brida JS inner functions outside from the Frida JS file edited by the pentester/hacker/user
- Graphical hooks are now persistent across spawns and can be manually enabled/disabled/removed
- Yes, we finally added the documentation! 😀
Brida 0.4 can be found here:
- Sources: https://github.com/federicodotta/Brida/
- Binaries: https://github.com/federicodotta/Brida/releases
- Documentation: https://github.com/federicodotta/Brida/wiki
In the next weeks we will also send the binary to the PortSwigger team to update the extension in the Burp Suite BAppStore (in order to have time to fix user’s issues before the inclusion in the BAppStore).
Suggestions and bug reports are obviously welcome! 🙂