This repository contains automation and testing scripts for analyzing and testing the Sephora mobile application.
It includes screen mirroring, SSL unpinning, MITM experiments, and automated device interaction.
Main entry point of the project.
This script orchestrates the execution of the testing workflow, including device interaction, traffic capture, and runtime instrumentation.
Contains predefined interaction sequences used to navigate and interact with the Android application.
Implements low-level UI actions such as taps, swipes, text input, and navigation, typically executed via adb.
File for mitmproxy traffic captures.
These file stores recorded HTTP(S) interactions used for analysis of network behavior, authentication flows, and backend communication.
Frida script used for runtime instrumentation of the Android application.
Typical use cases include SSL unpinning, method interception, and behavioral analysis.
Generic Frida helper script that hooks all methods of selected classes.
Useful for broad tracing and reverse-engineering during dynamic analysis.
Notes and observations collected during testing and experimentation.
Used for internal documentation, debugging, and analysis tracking.
Ignored because it contains external tools such as scrcpy and other third-party utilities, which belong to separate projects and should not be versioned.
Contains test APK files.
These are intentionally excluded from the repository.
Python bytecode cache, ignored automatically.
This file must be created manually.
It contains credentials and network configuration and is ignored for security reasons.
Example:
user = "user@gmail.com"
password = "12345"
ip = "192.168.x.x"
Replace the values with your own.- Install ADB
- Install USB drivers for your device
- Install Python 3.10+
- Install Frida tools:
pip install frida-toolsEnable:
- Developer options
- OEM unlocking
- USB debugging
(Optional, only for advanced operations):
- Install TWRP
- Flash Magisk
- Root the device
Push Frida server:
adb push frida-server /data/local/tmp/Make executable:
adb shell su -c "chmod 755 /data/local/tmp/frida-server"Run Frida server as root:
adb shell su -c "/data/local/tmp/frida-server &"Download Frida Gadget if required.
-
Install mitmproxy
-
Follow instructions to install the certificate as system certificate
- Obtain the legacy subject hash of the certificate
openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1- Rename the certificate to .0 (example hash: c8750f0d)
cat mitmproxy-ca-cert.cer > c8750f0d.0- Open an ADB shell
adb shell
- Switch to superuser
su
- Remount the system partition as read-write
mount -o remount,rw /system
- Copy the certificate into the system CA store
cp /sdcard/c8750f0d.0 /system/etc/security/cacerts/
- Set correct permissions on the certificate file
cd /system/etc/security/cacerts/ chmod 644 c8750f0d.0- Verify ownership, permissions, and SELinux context
ls -al -Z /system/etc/security/cacerts/ | grep c8750f0d.0- Reboot the device
reboot
Download scrcpy (https://github.com/Genymobile/scrcpy) for your operating system and place it in /programs
The main Python automation script performs:
- Starts screen mirroring using scrcpy
- Starts mitmproxy in a separate console
- Launches the app with Frida loading a script for the Sephora app
- Waits for the device/app to initialize
- Runs user interaction automation first logs in and then performs some actions
- Keeps running until Ctrl+C
- On Ctrl+C, all subprocesses (scrcpy, mitmproxy, frida) are terminated cleanly.
Each tool opens in its own console window to keep logs separated.
adb shell settings put global http_proxy 192.168.x.x:8080adb shell settings put global http_proxy :0frida --codeshare akabe1/frida-multiple-unpinning -U -f fr.sephora.sephorafranceadb shell getevent /dev/input/eventX
adb shell sendevent /dev/input/eventXadb shell "input tap 790 540"
adb shell "input tap 300 840"
adb shell "input text 'Example text'"This repository is for testing and research of the Sephora mobile application.