Hooker

v1.0.0โ€ขSecurityโ€ขstable

๐Ÿ”ฅ๐Ÿ”ฅ hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

androidapkboringsslfridajusttrustme
Share:
5,143
Stars
0
Downloads
0
Weekly
0/5

What is Hooker?

Hooker is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to ๐Ÿ”ฅ๐Ÿ”ฅ hooker is a frida-based reverse engineering toolkit for android. it offers a user-friendly cli, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click so...

๐Ÿ”ฅ๐Ÿ”ฅ hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • ๐Ÿ”ฅ๐Ÿ”ฅ hooker is a Frida-based reverse engineering toolkit for A

Use Cases

Reverse engineer Android apps using Frida-based dynamic analysis.
Inspect and manipulate app behavior with auto hook generation and SOCKS5 proxy.
CreditTone

Maintainer

LicenseMIT
Languagejavascript
Versionv1.0.0
UpdatedMay 21, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx hooker

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Hooker

Hooker is a Frida-based Android reverse engineering toolkit that provides a comfortable interactive CLI for dynamic instrumentation of Android apps, including universal SSL unpinning (covering both the standard TrustManager and BoringSSL), automatic hook script generation, memory scanning to enumerate Activities and Services, one-click SOCKS5 proxy setup without extra apps, and an embedded HTTP server that can expose internal app APIs as network endpoints. It automatically manages frida-server on the connected rooted device so you never have to push or start it manually. Security researchers and Android developers use it to analyze app behavior, intercept encrypted traffic, and rapidly prototype Frida scripts without writing repetitive boilerplate.

Prerequisites

  • A rooted Android device or ARM/ARM64 emulator connected via ADB (x86 emulators are not supported)
  • Python 3.8 or later with pip
  • ADB (Android Debug Bridge) installed and the device visible via 'adb devices'
  • Git to clone the repository
  • On Windows: WSL (Windows Subsystem for Linux) with Ubuntu 24.04 is required
1

Clone the hooker repository

Clone the project and change into the directory. Always run hooker from within this directory โ€” do not use an absolute path.

git clone https://github.com/CreditTone/hooker.git
cd hooker
2

Install Python dependencies

Install all required Python packages from the requirements file.

pip3 install -r requirements.txt
3

Connect your rooted device

Plug in your Android device with USB debugging enabled and confirm ADB can see it. Hooker will automatically push and start the correct frida-server binary for your device architecture.

adb devices
4

Start hooker

Launch the interactive CLI from inside the hooker directory. Hooker will display all debuggable apps found on the device with their PID and package name.

python3 hooker.py
5

Enter a package name to begin reverse engineering

At the hooker prompt, type the package identifier of the app you want to analyze. Hooker will bring the app to the foreground, create a working directory for it, and generate built-in Frida scripts including SSL unpinning and hook templates.

hooker(Identifier): com.example.targetapp
6

Run a universal script (e.g., SSL unpinning)

From the hooker interactive prompt, attach the JustTrustMe SSL unpinning script to bypass certificate pinning for the target app. The script covers standard TrustManager, BoringSSL, and OkHttp pinning.

attach just_trust_me

Hooker Examples

Client configuration

Hooker is a standalone CLI tool run directly from your terminal, not an MCP server with a JSON config. Start it by running python3 hooker.py from the cloned directory with a device connected.

{
  "mcpServers": {
    "hooker": {
      "command": "npx",
      "args": ["hooker"]
    }
  }
}

Common hooker commands

These are the most frequently used commands from inside the hooker interactive CLI after selecting a target app.

- attach just_trust_me          # Bypass SSL certificate pinning (TrustManager + BoringSSL)
- attach url                    # Hook and log all HTTP/HTTPS URLs the app opens
- attach keystore_dump          # Dump keystore keys used by the app
- spawn ssl_log                 # Spawn app fresh and capture all SSL traffic
- attach hook_encryption_algo   # Hook common encryption algorithms (AES, DES, RSA)
- socks5 on                     # Enable SOCKS5 proxy on the device without SocksDroid
- webserver on                  # Start embedded HTTP server to expose app APIs

Troubleshooting Hooker

Hooker fails with 'Failed to spawn: unable to find process' or frida-server errors

Ensure your device is rooted and that the ADB connection is stable. Hooker manages frida-server automatically, but the device must grant root access to ADB. On some ROMs, run 'adb root' first. x86 architecture emulators are not supported โ€” use ARM or ARM64 targets.

SSL unpinning via just_trust_me does not intercept traffic for a specific app

Some apps use BoringSSL native libraries rather than the Java TrustManager. Try 'attach just_trust_me' first; if that fails, use 'attach find_boringssl_custom_verify_func' followed by 'spawn just_trust_me' to catch SSL traffic at the native layer.

Hooker launches but shows no apps in the list

The app list comes from ADB. Run 'adb shell pm list packages' to verify ADB is working. Ensure the device screen is unlocked and that the phone is authorized for this computer in the USB debugging dialog.

Frequently Asked Questions about Hooker

What is Hooker?

Hooker is a Model Context Protocol (MCP) server that ๐Ÿ”ฅ๐Ÿ”ฅ hooker is a frida-based reverse engineering toolkit for android. it offers a user-friendly cli, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click socks5 proxy setup, frida justtrustme, and boringssl u It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Hooker?

Follow the installation instructions on the Hooker GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Hooker?

Hooker works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Hooker free to use?

Yes, Hooker is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Hooker Alternatives โ€” Similar Security Servers

Looking for alternatives to Hooker? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "hooker": { "command": "npx", "args": ["-y", "hooker"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide โ†’

Ready to use Hooker?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides