Conversation
ninjeeter
commented
Feb 25, 2026
ninjeeter
commented
- Need to explicitly set numbered instructions to just add the tools to system PATH to avoid absolute paths in commands.
- Reword Frida section.
- Write Troubleshoot page.
caidobot
requested a deployment
to
AP-Android-Refactor-1 - documentation PR #337
Render
In progress
|
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 73.5%, saving 90.9 KB.
|
caidobot
requested a deployment
to
AP-Android-Refactor-1 - documentation PR #337
Render
In progress
|
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 7.7%, saving 2.5 KB.
|
…plicit comparison or type conversion is required @typescript-eslint/strict-boolean-expressions
caidobot
requested a deployment
to
AP-Android-Refactor-1 - documentation PR #337
Render
In progress
|
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 5.9%, saving 1.1 KB.
1 image did not require optimisation. |
… old. To ensure accurate Baseline data, please update: `npm i baseline-browser-mapping@latest -D`
caidobot
requested a deployment
to
AP-Android-Refactor-1 - documentation PR #337
Render
In progress
|
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 7.7%, saving 2.5 KB.
|
caidobot
requested a deployment
to
AP-Android-Refactor-1 - documentation PR #337
Render
In progress
|
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 5.9%, saving 1.1 KB.
1 image did not require optimisation. |
| link: "/app/tutorials/android_browser_virtual", | ||
| }, | ||
| { | ||
| text: "Adding Caido's CA Certificate to the System Partition", |
There was a problem hiding this comment.
Should this be before "Proxying MObile Chrome Browser Traffic"? I feel like you want to do the entire setup first, before starting to proxy stuff.
There was a problem hiding this comment.
Chrome trust user certificates by themselves.
.vitepress/sidebars/app/tutorials.ts
Outdated
| ] | ||
| }, | ||
| { | ||
| text: "Modifying an Android Application: Virtual & Physical Devices", |
There was a problem hiding this comment.
I'd simplify this title, it's a bit long.
Something like "Modifying Your First APK"
There was a problem hiding this comment.
Do you know why these files are marked as new?
There was a problem hiding this comment.
These are what fixed pnpm not working. But for some reason, it worked fine without these on a subsequent branch. Will revert/delete the changes to this stuff.
caidobot
temporarily deployed
to
AP-Android-Refactor-1 - documentation PR #337
Render
Destroyed
|
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 77.2%, saving 60.3 KB.
3 images did not require optimisation. |
caidobot
requested a deployment
to
AP-Android-Refactor-1 - documentation PR #337
Render
In progress
|
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 9.1%, saving 1.6 KB.
3 images did not require optimisation. |
caidobot
temporarily deployed
to
AP-Android-Refactor-1 - documentation PR #337
Render
Destroyed
|
Images automagically compressed by Calibre's image-actions ✨ Compression reduced images by 6.7%, saving 309 B.
4 images did not require optimisation. |
There was a problem hiding this comment.
Pull request overview
This PR restructures the Android proxying documentation into a clearer series split by virtual vs physical devices, refreshes the APK modification/Frida guidance, and adds a dedicated troubleshooting page to help users resolve common setup and interception issues.
Changes:
- Replaced the single Android setup tutorial with a multi-page Android series (introduction, virtual device setup, physical device setup, browser proxying, system CA injection for AVDs).
- Reworked the “Modifying APK” tutorial (installation/extraction steps, network security config edits, updated Frida section).
- Added an Android troubleshooting page and updated the tutorials sidebar hierarchy accordingly.
Reviewed changes
Copilot reviewed 11 out of 18 changed files in this pull request and generated 14 comments.
Show a summary per file
| File | Description |
|---|---|
| src/app/tutorials/modifying_apk.md | Major rewrite of the APK modification + Frida workflow for both virtual and physical devices. |
| src/app/tutorials/android_virtual_device.md | New Android Studio + AVD creation setup guide for the virtual-device track. |
| src/app/tutorials/android_physical_device.md | New Android Studio setup guide for the physical-device track. |
| src/app/tutorials/android_browser_virtual.md | New guide for proxying browser traffic on an Android emulator, including adb reverse and user CA install. |
| src/app/tutorials/android_browser_physical.md | New guide for proxying browser traffic on a physical device, including adb reverse and user CA install. |
| src/app/tutorials/android_add_certificate.md | New guide for installing Caido’s CA into the system partition for supported AVD API levels. |
| src/app/tutorials/android_troubleshooting.md | New troubleshooting page covering missing traffic, Frida version mismatches, and certificate issues. |
| src/app/tutorials/android_introduction.md | New introduction page explaining the overall Android proxying approach and cert stores. |
| .vitepress/sidebars/app/tutorials.ts | Updates sidebar structure to reflect the new Android tutorial series organization. |
| src/app/tutorials/android_configuration.md | Removes legacy “Android Setup and Configuration” page. |
| src/app/tutorials/add_certificate.md | Removes legacy “Adding Caido’s CA Certificate…” page (superseded by the new Android series). |
| src/_images/* | Adds new screenshots supporting the new/updated tutorials. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| 4. Execute the `adb` tool against the device with the file path as the value of the `pull` argument to pull the APK to your computer. | ||
|
|
||
| ```bash | ||
| adb pull /data/app/tech.httptoolkit.pinning_demo-1wMoq8214ewjz2S-xt-sCA==/base.apk | ||
| adb -s <device-id> pull </data/app/<path-segments>/base.apk> | ||
| ``` |
There was a problem hiding this comment.
The example adb pull command includes angle brackets around the remote path (</data/app/.../base.apk>). In most shells, </> are redirection operators, so copying this command will fail. Use a plain path (optionally with placeholder segments like /data/app/<path-segments>/base.apk) without wrapping the whole argument in < >.
| ## Frida | ||
|
|
||
| **Frida** is a toolkit that allows you to hook custom scripts into running Android application processes, enabling real-time analysis and modification. This is what we will use to modify the processes are checking the SSL/TLS certificates. | ||
| **Frida** is a toolkit that allows you to hook custom scripts into running Android application processes, enabling real-time analysis and modification. This can be used to modify the processes are checking the SSL/TLS certificates. |
There was a problem hiding this comment.
The description modify the processes are checking the SSL/TLS certificates is grammatically incorrect and hard to read. Reword to something like modify the processes that check SSL/TLS certificates.
| 11. Follow the prompts to configure the key. | ||
|
|
||
| 12. Add the `build-tools\<version>` directory (_a subdirectory of the file system location stated in the `Android SDK Location` field_) to your system's PATH environment variable. |
There was a problem hiding this comment.
The ordered list numbering skips 10 (it jumps from 9. to 11.). Renumber the steps so they remain sequential.
| adb -s <device-id> uninstall tech.httptoolkit.pinning_demo | ||
| ``` | ||
|
|
||
| ::: | ||
|
|
||
| 9. Install the modified APK: | ||
| 18. Install the modified application on the device. | ||
|
|
There was a problem hiding this comment.
The ordered list numbering skips 17 (it jumps from 16. to 18.). Renumber the steps so they remain sequential.
| pip install frida==16.6.6 frida-tools==13.6.0 | ||
| ``` | ||
|
|
||
| 2. Add the `/scripts` directory of the package to your system's PATH environment variable. | ||
|
|
There was a problem hiding this comment.
This step suggests adding a /scripts directory from the Frida pip package to PATH, but pip install typically installs the frida executable into your Python environment’s bin/ (Linux/macOS) or Scripts\ (Windows) directory. Update the instructions to reference the correct location (or recommend a virtualenv and ensure its bin/Scripts is on PATH).
| <img alt="Finding the base package." src="/_images/adb_package_location.png" center no-shadow/> | ||
|
|
||
| 4. Copy the location and exit the device command-line interface using`CTRL` + `D` or by typing and entering `exit`. | ||
| 3. Copy the absolute file path (_starting from `/data` and ending with `/base.apk`_) and exit the device command-line interface using`CTRL` + `D` or by typing and entering `exit`. |
There was a problem hiding this comment.
There’s a missing space in usingCTRL+D which renders awkwardly. Add a space: `using `CTRL` + `D (or rephrase).
| ``` | ||
|
|
||
| 2. The `application` tag will contain an `android:extractNativeLibs` attribute. In order for the Frida Gadget library to function properly, this needs to be set to `"true"`: | ||
| 2. Change the value of the `android:extractNativeLibs` attribute from `"false"` to `"true`". |
There was a problem hiding this comment.
Typo in the quoted value: "true"has mismatched quotes. This should be"true"`.
| <img alt="Remounting." src="/_images/adb_remount.png" center no-shadow/> | ||
|
|
||
| 11. In your terminal, navigate to the file system location of the renamed certificate. | ||
|
|
||
| 12. Execute the `adb` tool against the device with the filename of the renamed certificate as the value of the `push` argument to move it into the System partition. |
There was a problem hiding this comment.
The step numbering repeats 11. here (there are two 11. steps in the list). Renumber the steps so they remain sequential.
| If traffic is not appearing in the HTTP History table, network configuration settings may be the cause. | ||
|
|
||
| <code><Icon icon="fas fa-screwdriver-wrench" /></code> Disable `Mobile data` usage, VPN connections, and/or set the Wi-Fi **Proxy hostname** to `10.0.2.2`. |
There was a problem hiding this comment.
This troubleshooting tip suggests setting the Wi‑Fi proxy hostname to 10.0.2.2, which is an Android Emulator special address and won’t apply to physical devices. Clarify that this is emulator-only (or provide the physical-device equivalent).
| 1. Open the SSL Pinning Demo application on your device. The screen will be blank as it is awaiting the script that will hook into the application's initialization. | ||
|
|
||
| [Frida Codeshare](https://codeshare.frida.re/browse) is Frida's official repository of scripts that can be called using the `--codeshare` command-line option. | ||
| 2. Execute `frida` against the device with `-U gadget` and the script `<author>/<name>` (_e.g. `fdciabdul/frida-multiple-bypass`_) as the value of the `--codeshare` argument. | ||
|
|
||
| ```bash | ||
| frida -U gadget --codeshare <author>/<file> | ||
| frida -U gadget --codeshare fdciabdul/frida-multiple-bypass | ||
| ``` |
There was a problem hiding this comment.
The frida -U gadget --codeshare fdciabdul/frida-multiple-bypass example pulls and executes a remote Frida script directly from Frida CodeShare without any integrity verification or pinning to a trusted author/source, which creates a supply-chain risk. If the CodeShare service, the referenced script, or the network path is compromised, an attacker-controlled script could be executed in the target app’s process with full access to its data. To reduce this risk, recommend instructing users to download and inspect scripts locally (or vendor them in this repo) and execute them from disk, or at minimum clearly emphasize using only trusted, audited CodeShare authors and versions rather than arbitrary identifiers.
|
Closes #336 |
