Frida

MCP server for Frida-based mobile security testing. Exposes Frida functionality as MCP tools for AI-assisted security research.

Requirements

• Python 3.11+
• Frida server running on target device
• ADB access for Android devices
• Rooted device (for most operations)

Install

cd frida-mcp
uv pip install -e .

Build the Frida agent (required):

cd agent
npm install
npm run build

Add to Claude Code

claude mcp add frida-mcp -- frida-mcp

Tools

Connection & Session Management

Tool	Description
list_devices	List all available Frida devices (USB, remote, local)
list_processes	List running processes on a device
list_apps	List installed applications on a device
connect	Attach to app by bundle ID, name, or PID. Supports spawn=true for fresh launch.
disconnect	Disconnect from the current session
is_connected	Check if Frida session is still alive and healthy
list_sessions	List all active Frida sessions (multi-device support)
switch_session	Switch to a different active session by ID

App Lifecycle (ADB-based)

Tool	Description
get_pid	Get PID of a running app by package name
launch_app	Launch app via ADB and return its PID
stop_app	Force stop an app by package name
spawn_and_attach	Force stop, launch fresh, and attach Frida in one step

Memory Operations

Tool	Description
memory_list_modules	List all loaded modules (libraries) in the process
memory_list_exports	List exports (functions) from a specific module
memory_search	Search process memory for hex pattern or string
memory_read	Read memory at a specific address
memory_write	Write bytes to memory address (for patching)
get_module_base	Get base address of a module by name (partial match)

Android Java Hooking

Tool	Description
android_list_classes	List loaded Java classes, optionally filtered
android_list_methods	List methods of a Java class
android_hook_method	Hook a Java method to monitor calls
android_search_classes	Search for classes matching a pattern
android_ssl_pinning_disable	Disable SSL certificate pinning
android_get_current_activity	Get the current foreground activity
dump_class	Dump all methods, fields, and constructors of a class
heap_search	Search Java heap for live instances of a class

Persistent Hooks

Tool	Description
install_hook	Install a persistent hook script that collects messages
get_hook_messages	Retrieve collected messages from persistent hooks
clear_hook_messages	Clear the hook message buffer
uninstall_hooks	Unload all persistent hook scripts
list_hooks	List all installed persistent hooks
hook_native	Hook a native function by module+offset

File Operations

Tool	Description
file_ls	List files in a directory on the device
file_read	Read a text file from the device
file_download	Download a file from device to local machine

Custom Scripting

Tool	Description
run_script	Execute custom Frida JavaScript code
run_java	Run JavaScript within Java.performNow context

Usage Example

1. list_devices          → Find your device
2. connect target=com.example.app spawn=true  → Attach to app
3. android_search_classes pattern=crypto      → Find crypto classes
4. android_hook_method class_name=... method_name=...  → Hook methods
5. get_hook_messages     → See captured calls

Notes

• SELinux is automatically set to permissive mode when connecting (required for Frida injection on many devices)
• The spawn=true option uses ADB-based launch which is more reliable than Frida's native spawn
• Multi-session support allows attaching to multiple apps/devices simultaneously