Cannot get list of apps using frida method on Android

[victor141516]

A couple days ago this was working fine with the same computer and the same Android device, but today it's stuck in "Scanning for apps to intercept..."

I'm debugging the issue, but it's taking more time than I expected and maybe Tim can solve this issue faster.

Specificly this line is not resolving: https://github.com/httptoolkit/httptoolkit-server/blob/main/src/interceptors/frida/frida-android-integration.ts#L193

And deeper, in frida-js line 191 does resolve but line 192 doesn't.

It just doesn't resolve at all, but there is a timeout here so the request from the ui is completed but doesn't contain anything ({})

I don't have much experience with D-Bus or Frida so I'm having issues debugging deeper.

Thank you! and congrats for the product and the codebase, very straightforward to follow

[pimterry]

Hmm, that's interesting. My best guess is that the frida server has just got stuck somewhere. That shouldn't happen, but it can do in some cases. What happens if you restart the device? You could also adb shell in and kill frida-server to ensure it gets restarted, if that's easier.

In future I'd like to try to detect this - as long as there's no intercepted apps currently running, there's no downside to restarting Frida if it becomes unresponsive,

[victor141516]

I restarted both the computer and the phone, but no luck. Later today I'll try to adb shell and debug from there.

Thanks for the tips!

[pimterry]

Hmm, ok, that's very weird then.

The next thing I'd test for comparison is installing & querying Frida manually using the CLI (guide: https://httptoolkit.com/blog/frida-certificate-pinning/#install-and-start-frida-on-the-device). The server uses Frida 16.3.3.

If that works, it would be interesting to try restarting the device, launching a normal Frida server (which should result in HTTP Toolkit not launching its own) and then trying to use that.

Digging into the differences here bit by bit, somewhere we should eventually either find out that Frida doesn't work on the device at all (so there's a Frida/device issue to investigate, or maybe we need to update or something) or there's some specific part of HTTP Toolkit that's breaking something here, and we can then dig into that particular failure directly.

[victor141516]

Great! I was able to fix it :D

When I was trying to do frida-ps -U I was getting this error: Failed to enumerate processes: unable to perform ptrace pokedata

Then I saw in an issue in the fridaa repo that installing MagiskFrida may fix it, and indeed something changes. Now frida-ps -U prints cannot read properties of undefined (reading 'getRunningAppProcesses') 🎉

Also in this issue someone said that running pm uninstall com.google.android.art fixes it and man it does

So happy end! Thanks for the support!

Edit: I think this is the root cause: frida/frida#2958

[pimterry]

I see, glad that's working for you now, thanks for the details @victor141516! I don't think HTTP Toolkit should reasonably uninstall system packages like com.google.android.art for you automatically, so this'll have to be a manual fix for any other people affected too, but I'll keep an eye on frida/frida#2958 and update to a working Frida as soon as that's been resolved.

[victor141516]

don't think HTTP Toolkit should reasonably uninstall system packages like com.google.android.art for you automatically

Yeah that's for sure! However having some logic to detect this situation (as you suggested) could be a good improvement. Would you mind if I spend some time on it? I can send a PR in a few days

[pimterry]

Sure! Yeah, if it's possible to detect it and return an error from the server to the UI, that could definitely help. Returning a brief explanation with a link to this issue is probably the best solution, then it's easy to update with more info here later.