MCP Hub
Back to servers

Frida MCP Server

A comprehensive MCP server that exposes Frida's dynamic instrumentation toolkit to AI agents for process management, script injection, and memory operations. It provides over 50 tools to interact with local and mobile devices, enabling advanced capabilities like function hooking and memory analysis.

glama
AI & MLDevelopment Tools
Updated
Feb 4, 2026
View Source
Claim this server

Frida MCP Server

A comprehensive MCP (Model Context Protocol) server that exposes the full power of Frida's dynamic instrumentation toolkit to AI agents.

Features

55 tools covering all major Frida capabilities:

Device & Process Management

  • frida_list_devices - List all available Frida devices
  • frida_get_device_info - Get detailed device information
  • frida_list_processes - List running processes
  • frida_list_applications - List installed applications
  • frida_get_process - Get process details by name/PID
  • frida_spawn - Spawn a new process (suspended)
  • frida_resume - Resume a spawned process
  • frida_kill - Kill a process

Session Management

  • frida_attach - Attach to a running process
  • frida_detach - Detach from a session

Script Injection

  • frida_inject_script - Inject and run JavaScript in a process
  • frida_unload_script - Unload an injected script
  • frida_rpc_call - Call RPC functions in scripts
  • frida_evaluate - Evaluate arbitrary JavaScript

Function Hooking

  • frida_hook_function - Hook native functions
  • frida_intercept_method - Intercept ObjC/Java methods
  • frida_trace - Trace function calls with patterns

Memory Operations

  • frida_memory_scan - Scan memory for patterns
  • frida_memory_read - Read bytes from memory
  • frida_memory_write - Write bytes to memory
  • frida_search_strings - Search for strings in memory

Module Enumeration

  • frida_list_modules - List loaded modules
  • frida_list_exports - List module exports
  • frida_list_imports - List module imports
  • frida_resolve_exports - Find functions by pattern (ApiResolver)

Java (Android)

  • frida_java_enumerate_classes - List Java classes
  • frida_java_hook_method - Hook Java methods
  • frida_java_find_instances - Find class instances on heap
  • frida_java_call_method - Call Java methods

Objective-C (iOS/macOS)

  • frida_objc_enumerate_classes - List ObjC classes
  • frida_objc_hook_method - Hook ObjC methods
  • frida_objc_find_instances - Find class instances on heap

Advanced

  • frida_stalker_trace - Instruction-level tracing
  • frida_inject_library - Inject shared libraries
  • frida_enable_spawn_gating - Intercept new processes
  • frida_disable_spawn_gating - Disable spawn gating
  • frida_get_pending_spawn - Get pending spawned processes
  • frida_get_process_info - Detailed process information

File Operations

  • frida_pull_file - Download file from device
  • frida_push_file - Upload file to device

Installation

# Install dependencies
pip3 install frida frida-tools mcp

# Or with --break-system-packages on newer Ubuntu
pip3 install --break-system-packages frida frida-tools mcp

Usage

As stdio MCP server

python3 server.py

Example MCP configuration

{
  "mcpServers": {
    "frida": {
      "command": "python3",
      "args": ["/path/to/frida-mcp/server.py"]
    }
  }
}

Example Workflows

1. List processes and attach

1. Call frida_list_processes to see running processes
2. Call frida_attach with target="processName" or target=1234 (PID)
3. Use the returned session_id for further operations

2. Hook a function

1. frida_attach to the target process
2. frida_hook_function with the session_id, function name, and optional onEnter/onLeave code
3. Observe the script_id and retrieve logs with frida_unload_script when done

3. Trace SSL/crypto calls

1. frida_attach to a network application
2. frida_trace with include=["*SSL*", "*crypto*"] to see all SSL-related calls

4. Android app analysis

1. frida_list_applications on USB device to find the app
2. frida_attach to the app
3. frida_java_enumerate_classes to explore classes
4. frida_java_hook_method to intercept specific methods
5. frida_java_find_instances to find live objects

5. Memory forensics

1. frida_attach to the target process
2. frida_search_strings to find interesting strings
3. frida_memory_read to dump specific memory regions
4. frida_memory_scan for byte patterns

Device Types

  • local - Local system (default)
  • usb - USB-connected device (Android/iOS with frida-server)
  • remote - Remote frida-server over TCP

Requirements

  • Python 3.8+
  • Frida 16.0+ (pip install frida frida-tools)
  • MCP SDK (pip install mcp)

For mobile device support:

  • Android: Install frida-server on the device
  • iOS: Install frida via jailbreak or use frida-gadget

Security Notes

⚠️ Frida is a powerful tool that can be used for both security research and malicious purposes. Only use on systems you own or have explicit permission to test.

License

MIT

Memory Management (NEW)

  • frida_memory_alloc - Allocate memory in target process
  • frida_memory_protect - Change memory page permissions
  • frida_enumerate_ranges - List memory ranges/maps

Thread Operations (NEW)

  • frida_enumerate_threads - List all threads with state
  • frida_backtrace - Get stack backtrace

Symbol Resolution (NEW)

  • frida_debug_symbol - Resolve symbols from address/name
  • frida_list_symbols - List debug symbols from module

Native Calling (NEW)

  • frida_native_function - Call native functions directly
  • frida_cmodule - Compile and load inline C code

ObjC Extended (NEW)

  • frida_objc_call_method - Call ObjC methods on class/instance

Java Extended (NEW)

  • frida_java_load_dex - Load DEX files dynamically

Network (NEW)

  • frida_socket_connect - Create socket connections from process

Reviews

No reviews yet

Sign in to write a review