Frida MCP Server

Expose Frida's dynamic instrumentation toolkit to AI agents

otherfridainstrumentationsecurityreverse-engineering
README.md

Frida MCP Server

A comprehensive MCP (Model Context Protocol) server that exposes the full power of Frida's dynamic instrumentation toolkit to AI agents.

Features

55 tools covering all major Frida capabilities:

Device & Process Management

  • frida_list_devices - List all available Frida devices
  • frida_get_device_info - Get detailed device information
  • frida_list_processes - List running processes
  • frida_list_applications - List installed applications
  • frida_get_process - Get process details by name/PID
  • frida_spawn - Spawn a new process (suspended)
  • frida_resume - Resume a spawned process
  • frida_kill - Kill a process

Session Management

  • frida_attach - Attach to a running process
  • frida_detach - Detach from a session

Script Injection

  • frida_inject_script - Inject and run JavaScript in a process
  • frida_unload_script - Unload an injected script
  • frida_rpc_call - Call RPC functions in scripts
  • frida_evaluate - Evaluate arbitrary JavaScript

Function Hooking

  • frida_hook_function - Hook native functions
  • frida_intercept_method - Intercept ObjC/Java methods
  • frida_trace - Trace function calls with patterns

Memory Operations

  • frida_memory_scan - Scan memory for patterns
  • frida_memory_read - Read bytes from memory
  • frida_memory_write - Write bytes to memory
  • frida_search_strings - Search for strings in memory

Module Enumeration

  • frida_list_modules - List loaded modules
  • frida_list_exports - List module exports
  • frida_list_imports - List module imports
  • frida_resolve_exports - Find functions by pattern (ApiResolver)

Java (Android)

  • frida_java_enumerate_classes - List Java classes
  • frida_java_hook_method - Hook Java methods
  • frida_java_find_instances - Find class instances on heap
  • frida_java_call_method - Call Java methods

Objective-C (iOS/macOS)

  • frida_objc_enumerate_classes - List ObjC classes
  • frida_objc_hook_method - Hook ObjC methods
  • frida_objc_find_instances - Find class instances on heap

Advanced

  • frida_stalker_trace - Instruction-level tracing
  • frida_inject_library - Inject shared libraries
  • frida_enable_spawn_gating - Intercept new processes
  • frida_disable_spawn_gating - Disable spawn gating
  • frida_get_pending_spawn - Get pending spawned processes
  • frida_get_process_info - Detailed process information

File Operations

  • frida_pull_file - Download file from device
  • frida_push_file - Upload file to device

Installation

# Install dependencies
pip3 install frida frida-tools mcp

# Or with --break-system-packages on newer Ubuntu
pip3 install --break-system-packages frida frida-tools mcp

Usage

As stdio MCP server

python3 server.py

Example MCP configuration

{
  "mcpServers": {
    "frida": {
      "command": "python3",
      "args": ["/path/to/frida-mcp/server.py"]
    }
  }
}

Example Workflows

1. List processes and attach

1. Call frida_list_processes to see running processes
2. Call frida_attach with target="processName" or target=1234 (PID)
3. Use the returned session_id for further operations

2. Hook a function

1. frida_attach to the target process
2. frida_hook_function with the session_id, function name, and optional onEnter/onLeave code
3. Observe the script_id and retrieve logs with frida_unload_script when done

3. Trace SSL/crypto calls

1. frida_attach to a network application
2. frida_trace with include=["*SSL*", "*crypto*"] to see all SSL-related calls

4. Android app analysis

1. frida_list_applications on USB device to find the app
2. frida_attach to the app
3. frida_java_enumerate_classes to explore classes
4. frida_java_hook_method to intercept specific methods
5. frida_java_find_instances to find live objects

5. Memory forensics

1. frida_attach to the target process
2. frida_search_strings to find interesting strings
3. frida_memory_read to dump specific memory regions
4. frida_memory_scan for byte patterns

Device Types

  • local - Local system (default)
  • usb - USB-connected device (Android/iOS with frida-server)
  • remote - Remote frida-server over TCP

Requirements

  • Python 3.8+
  • Frida 16.0+ (pip install frida frida-tools)
  • MCP SDK (pip install mcp)

For mobile device support:

  • Android: Install frida-server on the device
  • iOS: Install frida via jailbreak or use frida-gadget

Security Notes

⚠️ Frida is a powerful tool that can be used for both security research and malicious purposes. Only use on systems you own or have explicit permission to test.

License

MIT

Memory Management (NEW)

  • frida_memory_alloc - Allocate memory in target process
  • frida_memory_protect - Change memory page permissions
  • frida_enumerate_ranges - List memory ranges/maps

Thread Operations (NEW)

  • frida_enumerate_threads - List all threads with state
  • frida_backtrace - Get stack ba

Tools 6

frida_list_processesList all running processes on the target device.
frida_attachAttach to a running process by name or PID.
frida_inject_scriptInject and run JavaScript in a process.
frida_hook_functionHook native functions in the target process.
frida_java_hook_methodHook Java methods in an Android application.
frida_memory_scanScan memory for specific patterns.

Try it

List all running processes and attach to the one named 'com.example.app'.
Hook the 'encrypt' function in the attached process and log the arguments.
Search the memory of the current process for any strings related to 'API_KEY'.
Enumerate all Java classes in the Android application and find instances of the 'User' class.
Trace all function calls containing 'SSL' in the target application.

Frequently Asked Questions

What are the key features of Frida MCP Server?

Comprehensive process and device management for local, USB, and remote devices.. Advanced function hooking for native, Java (Android), and Objective-C (iOS/macOS) code.. Memory forensics capabilities including scanning, reading, writing, and string searching.. Script injection and RPC support for custom JavaScript instrumentation.. Instruction-level tracing using the Frida Stalker..

What can I use Frida MCP Server for?

Security researchers analyzing application behavior and API calls in real-time.. Android and iOS developers debugging complex runtime issues or method interactions.. Reverse engineers performing memory forensics to extract sensitive data or keys.. Automated testing of mobile applications by intercepting and modifying method inputs.. Analyzing network traffic by hooking SSL/crypto functions in encrypted applications..

How do I install Frida MCP Server?

Install Frida MCP Server by running: pip3 install frida frida-tools mcp

What MCP clients work with Frida MCP Server?

Frida MCP Server works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Frida MCP Server docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Open Conare

Related MCP Servers

Nuclear
Free, open-source music player without ads or tracking.
other17.1K stars
Domain Check
Fast domain availability checker with RDAP/WHOIS lookup and batch checking.
other253 stars
Ableton MCP Extended
Control Ableton Live using natural language via AI assistants
other142 stars
US Government Open Data MCP
MCP Server + TypeScript SDK for 40+ U.S. Government APIs
other90 stars
Garmin Connect
Access your fitness, health, and training data from MCP clients.
other71 stars
BinjaLattice MCP
Secure communication protocol for Binary Ninja and MCP servers
other61 stars