Frida MCP Server
A MCP server that provides dynamic instrumentation capabilities through Frida. Built with TypeScript and optimized for Bun runtime.
Features
- Dynamic Instrumentation: Hook functions, inspect memory, and modify behavior of running processes
- Device Management: Support for local, USB, and remote Frida devices
- Process Control: Spawn, attach, resume, and kill processes
- Interactive Sessions: Create persistent sessions for complex instrumentation workflows
- Script Execution: Execute JavaScript code with both one-shot and persistent modes
- File Operations: Download files from instrumented processes and query module information
Prerequisites
Installation
No installation required! Use npx to run directly from GitHub (see Configuration below).
For local development:
# Clone the repository
git clone https://github.com/nonsleepr/frida-mcp.ts
cd frida-mcp.ts
# Install dependencies
bun install
Note: While this project is built with Bun, npx (from npm) is required to run from GitHub due to native dependency requirements. Use npx --yes github:nonsleepr/frida-mcp.ts to run the server.
Configuration
Environment Variables
FRIDA_DEFAULT_DEVICE: Default remote device connection string (e.g., "192.168.1.100:27042" or "192.168.1.100", port defaults to 27042)
Claude Desktop Configuration
Add to your Claude Desktop config file:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"frida": {
"command": "npx",
"args": ["--yes", "github:nonsleepr/frida-mcp.ts"],
"env": {
"FRIDA_DEFAULT_DEVICE": "192.168.1.100:27042"
}
}
}
}
Roo Configuration
Add this to your project's .roo/mcp.json:
{
"mcpServers": {
"frida": {
"command": "npx",
"args": ["--yes", "github:nonsleepr/frida-mcp.ts"],
"env": {
"FRIDA_DEFAULT_DEVICE": "10.254.1.69:27042"
},
"disabled": false,
"alwaysAllow": []
}
}
}
Note: Set FRIDA_DEFAULT_DEVICE to your Frida server's connection string (hostname:port or just hostname), or leave it empty to use local devices.
Available Tools
Process Management
| Tool | Description | Parameters |
|---|---|---|
spawn_process | Spawn a process with Frida attached in paused state. The process will be paused at startup. Use resume_process() after loading scripts to continue execution. | program (string)args (optional string[])device_id (optional: "default" or connection string) |
resume_process | Resume a spawned process. | pid (number)device_id (optional: "default" or connection string) |
kill_process | Kill a process by PID. | pid (number)device_id (optional: "default" or connection string) |
Interactive Sessions
| Tool | Description | Parameters |
|---|---|---|
create_interactive_session | Create an interactive session for dynamic instrumentation. Establishes a Frida session for injecting JavaScript, hooking functions, and monitoring the target process. The session persists until explicitly closed or the process terminates. | process_id (number)device_id (optional: "default" or connection string) |
execute_in_session | Execute JavaScript code within an existing Frida session. All scripts are persistent and continue running. Use wait parameter to capture initial output before returning. Messages available via frida://sessions/{session_id}/messages resource. | session_id (string)javascript_code (string)wait (optional number, default: 0 - seconds to wait for initial output) |
load_script_file | Load and execute a Frida JavaScript file into an existing session. All scripts are persistent and continue running. Use wait parameter to capture initial output before returning. Messages available via frida://sessions/{session_id}/messages resource. | session_id (string)script_path (string)wait (optional number, default: 0 - seconds to wait for initial output) |
File Operations
| Tool | Description | Parameters |
|---|---|---|
download_file | Download a file from remote system using Frida instrumentation. Uses double backslashes for Windows paths. Attaches to specified PID or finds explorer.exe. Works best for files up to ~500MB with 60s timeout. | file_path (string)output_path (string)pid (optional number)device_id (optional: "default" or connection string) |
Available Resources
Resources provide real-time, read-only access to Frida state via URI.
Direct Resources
| URI | Description |
|---|---|
frida://devices | List all connected Frida devices |
frida://sessions | List all active Frida sessions and their statuses |
frida://documentation | Frida tips & non-obvious JavaScript API features |
Resource Templates
| URI Template | Description |
|---|---|
frida://devices/{device_id} | Get detailed information about a specific device by ID |
frida://devices/{device_id}/processes | List processes on a specific Frida device. Use "default", "local", "usb", or "remote" for automatic device selection, provide a specific device ID, or use a connection string (hostname:port or hostname). |
frida://devices/{device_id}/processes/by-name/{process_name} | Find a process by name (case-insensitive partial match) on a specific device. Use "default" for configured remote device. Supports connection strings (hostname:port or hostname). |
frida://devices/{device_id}/processes/{pid}/module | Get main module information for a process (path, base address, size). Use "default" for configured remote device. Supports connection strings (hostname:port or hostname). |
frida://sessions/{sessionId}/messages | Retrieve messages from persistent scripts with default 100 message limit. Messages are consumed when retrieved. |
frida://sessions/{sessionId}/messages/{limit} | Retrieve messages from persistent scripts with custom limit. Use /last:N (e.g., /last:10 for last 10 messages) or /all for unlimited. Messages are consumed when retrieved. |