frida
Installation
SKILL.md
Frida - dynamic instrumentation (alpha)
Hook a target at runtime to confirm LLM-flagged sinks actually execute, trace API calls, bypass SSL pinning, scan memory for secrets.
When to use
/scanor/agenticflagged a sink and you want to confirm it fires at runtime before treating it as exploitable.- A binary or mobile app is doing something opaque and a few minutes of API-trace would reveal the shape.
- A pinned mobile app is blocking your MITM proxy.
- A crash you can't
rr-record (macOS) needs a function-call trace.
Install
pipx install frida-tools # host CLI + python bindings
raptor doctor # confirms frida is detected
For remote / mobile targets, install the matching frida-server on the target side. See docs/frida/SETUP_MACOS.md, SETUP_LINUX.md. Note: most frida-server binaries bind to 127.0.0.1 by default - start with -l 0.0.0.0:27042 or SSH-forward port 27042.