A cutting-edge Frida-based tool for bypassing certificate pinning and intercepting network traffic from mobile applications that resist traditional proxy methods.
Traditional proxy tools like Burp Suite fail when dealing with:
- π± Mobile Device Management (MDM) applications
- π Certificate pinning implementations
- π‘οΈ Custom security protocols
- π TLS/SSL bypass restrictions
- π Devices using VPN connections
KnoxSpy solves this by hooking directly into popular network libraries at runtime, even when the API traffic is routed through a VPN.
- Runtime Hooking: Bypass certificate pinning and security restrictions
- Multi-Platform: Android (OkHttp3) and iOS (Alamofire/AFNetworking) support
- Real-Time Analysis: Live traffic capture and analysis
- Traffic Replay: Replay captured requests for testing
- Session Management: Multiple concurrent testing sessions
- Vue.js Frontend: Responsive, intuitive web interface
- WebSocket Integration: Real-time updates and communication
Create and manage multiple testing sessions with different devices and applications
Browse and select applications on connected Android and iOS devices
Automatically detect and attach to network libraries (OkHttp3 shown)
Capture, analyze, and modify network traffic in real-time
- Frida Server 16.2.1 installed on target device
- Node.js 18+ for development
- Android/iOS device with USB debugging enabled
Note: Android device has to be rooted
# Clone the repository
git clone https://github.com/appknox/knoxspy.git
cd knoxspy
# Install dependencies
cd app/gui && npm install
cd ../server && npm install
cd ../..
# Start the application
./knoxspy- Connect Device: Ensure Frida server is running on your target device
- Launch KnoxSpy: Run
./knoxspyto start both frontend and backend - Access Interface: Open http://localhost:5173 in your browser
- Create Session: Set up a new testing session
- Select App: Choose the target application from the device
- Select Library: Choose the library being used by the application
- Capture Traffic: Switch to the Proxy tab and start intercepting
- Frontend: Vue.js 3 + TypeScript + PrimeVue
- Backend: Node.js + Express + WebSocket
- Database: SQLite for session and library management
- Instrumentation: Frida + Custom JavaScript/TypeScript agents
| Platform | Library | Coverage |
|---|---|---|
| Android | OkHttp3 | β Full Support |
| iOS | Alamofire | β Full Support |
| iOS | AFNetworking | β Full Support |
| Custom | User Scripts | β Extensible |
Upload your own Frida agents as ZIP files:
- Must contain
package.json - TypeScript source automatically compiled
- Stored in
libraries/directory - Database tracking for metadata
- MDM Security: Exposing hidden vulnerabilities in enterprise applications
- Mobile Pentesting: New methodologies for bypassing modern security measures
- Network Analysis: Advanced techniques for traffic interception
- Real-time MDM app analysis
- Certificate pinning bypass demonstrations
- Custom agent deployment
- Enterprise application security testing
- Authorized Testing Only: Use only on applications you own or have permission to test
- Research Purpose: Designed for defensive security research and penetration testing
- Compliance: Ensure compliance with local laws and regulations
- Session Isolation: Each testing session is properly isolated
- Secure Communication: WebSocket connections with proper validation
- File Validation: Uploaded agents undergo security checks
# Frontend development
cd app/gui
npm run dev
# Backend development
cd app/server
npm run dev
# Production build
cd app/gui
npm run build# Run frontend tests (when available)
cd app/gui
npm run test
# Run backend tests (when available)
cd app/server
npm run testWe welcome contributions from the security research community! Feel free to:
- Report bugs and issues
- Submit feature requests
- Contribute code improvements
- Share your custom Frida agents
- Improve documentation
- Security researchers and penetration testers
- Mobile application developers
- Network security professionals
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
KnoxSpy is developed by Appknox, a leading mobile security company dedicated to making mobile applications more secure through innovative security testing tools and platforms.
Star β this repository if you find it useful!
π Get Started β’ πΈ View Screenshots β’ π¬ Technical Details β’ π‘οΈ Security
Made with β€οΈ for the security research community