friTap – Release Notes (v1.3.8.9)

What's New

• ⏱️ Timeout Support for Spawned Processes

  • Introduced a new -t / --timeout <seconds> flag that allows you to delay the resumption of the main thread in a spawned target process. This ensures that all hooks are successfully installed before the process continues execution.

• 🐞 Fix: Premature Resume on Non-Mobile Targets

  • Resolved a bug on non-mobile systems where spawned target processes were resumed before our hooking script was injected. This issue is now fixed to ensure proper instrumentation timing.

• 🔍 Improved OpenSSL Pattern Support

  • Enhanced the pattern matching logic for OpenSSL’s ssl_log_secret() function on Linux systems.
  • Introduced a dedicated dumping function for ssl_log_secret() to accommodate its structural differences compared to BoringSSL’s implementation.

🐛 Found a bug? Feature request? Use the GitHub issue tracker to report it.

friTap – Release Notes (v1.3.8.0)

What's New

• 🧪 Cronet Enhancements
  • Improved pattern and library support for Cronet-based libraries on Android. For certain Cronet libraries (e.g., cronet_libcrypto.so), we can confidently determine that the underlying BoringSSL implementation is not statically linked. To enhance the overall performance of our pattern-based approach, we now skip these modules during analysis.
  • Improved default pattern handling. For example, we now account for the fact that Cronet implementations with names starting with stable_cronet use different patterns than other variants. This distinction is now considered during pattern scanning and hooking.

🐛 Found a bug? Feature request? Use the GitHub issue tracker to report it.

friTap – Release Notes (v1.3.7.7)

What's New

• 🪟 Improved LSASS Hooking on Windows

  • friTap now hooks the Local Security Authority Subsystem Service (LSASS) process by default on Windows, so you no longer need to run two instances to capture Schannel (ncrypt.dll) traffic before attaching to your target.
  • To disable LSASS hooking, use the new -nl / --no-lsass flag.
  • Updated and corrected documentation to reflect this behavior.

• 🧪 GoTLS Enhancements

  • Minor stability and performance improvements for experimental GoTLS support on Android and Linux.

🐛 Found a bug? Feature request? Use the GitHub issue tracker to report it.

friTap – Release Notes (v1.3.6.1)

What's New

• 🧪 Initial GoTLS Support (Experimental)

  • Support for GoTLS (Go's native TLS library) is now available on Android and Linux.
  • When symbols are not exported, friTap attempts pattern-based hooking (Android only, for now).
    • ⚠️ Note: This feature is experimental - requires the --experimental (-exp) flag - and may cause Frida crashes in some scenarios — feedback welcome!

• ✅ Basic Test Infrastructure Introduced

  • Added unit tests for core Python components (e.g., mocking library detection logic).
  • 🧪 Full automated test coverage (e.g., against ground truth datasets) is in progress.

• 📚 Citation Support

  • You can now cite friTap in academic work using the newly added CITATION.cff file.
    • Example: GitHub supports citation export

• 🪟 Windows Schannel Hooking Now Fully Integrated

  • Schannel support on Windows no longer requires the --experimental (-exp) flag.
  • The feature is now enabled by default and considered stable for standard use cases.

🐛 Found a bug? Feature request? Use the GitHub issue tracker to report it.

friTap - Release Notes (v1.3.5.3)

What's New

• 📘 In-depth Documentation

  • We've started building comprehensive docs using MkDocs!
    → Clearer explanations, usage examples, and feature guides are on the way.

• 🐍 OpenSSL Key Extraction from Python

  • friTap can now hook OpenSSL instances used in Python apps — tested on Linux and macOS.

• 🛠 Internal Improvements

  • Switched all output to use Python’s structured logger for cleaner and more consistent output.
  • Improved log formatting across all modes (standard, verbose, and debug).

• 🧩 New Feature: List Loaded Libraries

  • Added -ll / --list-libraries to enumerate loaded libraries in the target process.
  • Helps with debugging or identifying which TLS backends are in use.

• 🎛 Updated Command-Line Interface

  • Refactored several CLI options for clarity and consistency:
    • 🧬 -s now spawns the target app (replacing the old -f).
    • 🔍 Check --help for a full overview of updated options.

• 🛠 Development and Testing

  • add a script which trys to create a setup for development
  • started to add tests to friTap (still needs to be extended)

🔗 Stay tuned via https://github.com/friTap/friTap
🐛 Found a bug or missing key? Please report it in the GitHub issue tracker!

friTap - Release Notes (v1.3.4.1)

What's New

• 🚀 Migrated to Frida 17.x — friTap is now fully compatible with Frida ≥ 17.

  • 🔁 Backward compatibility with Frida 15–16 is maintained, but please note:
    • 🛠 New features and bug fixes will only be developed and tested against Frida 17+ going forward.

• 🧠 Enhanced debug and error output:

  • 🧾 Richer and more structured messages for easier issue analysis.
  • 📦 Optional output using the --do (debug output) flag now includes:
    • Pretty-printed errors
    • Stack traces
    • Source location hints

Stay up to date at https://github.com/friTap/friTap and report issues or feature requests via the GitHub issue tracker.

friTap - Release Notes

What's New

• ✅ Improved pattern matching for BoringSSL/Cronet on Android (ARM64).
• 🛠 All TLS-related hooks are now wrapped in try/catch blocks to prevent a single library hook failure from crashing friTap.
• 🔐 BoringSSL hooks can now be installed on libraries where BoringSSL is statically linked but symbols are still exported.

friTap - Release Notes

What's New

• TLS 1.2 support for RusTLS on Android ARM64 devices
• Ensure that user set key callbacks are not overwritten when hooking s2ntls, OpenSSL and BoringSSL

friTap - Release Notes

What's New

• RusTLS 1.3 support
  • We now support extracting keys from TLS 1.3 traffic done using byte patterns (Android and Linux only for now)
  • Supporting hooking RusTLS when symbols available using a keylog callback

friTap - Release Notes

What's New

• Improved Hooking for ssl_log_secret()
  • When pattern-based hooking fails, we now fallback to symbol-based hooking to install hooks dynamically. (Currently implemented on Android only.)
• Custom Patterns for ssl_log_secret()
  • Users can now provide their own pattern for hooking the ssl_log_secret() function, allowing extraction of TLS secrets and the client_random more flexibly. (Currently implemented on Android only.)

Bug Fixes & Improvements

• Various minor bug fixes across different components to enhance stability and performance.