Mobile (APK / IPA + Frida)

The Mobile views give Hugin a full mobile app testing toolkit: APK / IPA static analysis, device management, Frida-based dynamic instrumentation, certificate-pinning bypass, and proxy setup automation for Android and iOS.

Pro license required.

Sub-Views

The Mobile section is split into six tabs:

Devices

Lists physical devices (USB / network) and emulators (Android Studio AVD, Genymotion, iOS Simulator). Per device:

  • Vendor, model, OS version
  • Connection state (online / unauthorized / offline)
  • Root / jailbreak status
  • Frida server reachability
  • Actions: Install APK, Pull APK, Open shell, Forward port, Reverse port

Includes an Emulator Manager for spawning AVDs from saved profiles.

Apps

Lists installed apps on the selected device:

  • Package name, version, install source
  • Sandbox path
  • Cleartext-traffic flag
  • Network security config detected
  • Actions: Launch, Stop, Clear Data, Pull APK, Pull data dir, Inspect manifest

Static Analysis

Offline analysis of APK or IPA files:

  • Decompile — Android: jadx (Java/Kotlin → readable source) and apktool (resources / smali). iOS IPA support exists for binary inspection and Info.plist parsing.
  • Manifest — AndroidManifest.xml / Info.plist with security review (exported components, intent filters, URL schemes, permissions, debuggable, allowBackup, networkSecurityConfig)
  • Binary info — ABI, packers detected, anti-debug / anti-tamper signals
  • Secret scanner — hard-coded API keys, AWS creds, Firebase configs in code and resources
  • Network config — Network Security Config / NSConfig domains and pinning info
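The Android side of the manifest review listed above can be sketched as follows. This is an added example, not Hugin's own code: it assumes the manifest has already been decoded to plain XML (as apktool produces), and the function names, the heuristics and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed sample of a decoded (plain-text) manifest, not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application android:debuggable="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:exported="true"
        android:permission="com.example.constructed.READ_NOTES"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""

def attr(el, name, default=None):
    return el.get(ANDROID + name, default)

def review_manifest(xml_text):
    """Return sorted (check, detail) findings for one decoded AndroidManifest.xml."""
    app = ET.fromstring(xml_text).find("application")
    findings = []
    if attr(app, "debuggable") == "true":
        findings.append(("debuggable", "application is debuggable"))
    if attr(app, "allowBackup", "true") != "false":  # attribute defaults to true
        findings.append(("allowBackup", "backup not explicitly disabled"))
    if attr(app, "usesCleartextTraffic") == "true":
        findings.append(("cleartext", "cleartext traffic explicitly allowed"))
    if attr(app, "networkSecurityConfig") is None:
        findings.append(("networkSecurityConfig", "no network security config declared"))
    for comp in (c for c in app if c.tag in COMPONENTS):
        exported = attr(comp, "exported")
        # With no explicit value, an intent filter implies export on pre-Android 12 targets.
        implicit = exported is None and comp.tag != "provider" and comp.find("intent-filter") is not None
        launcher = any(attr(c, "name") == LAUNCHER for c in comp.iter("category"))
        if (exported == "true" or implicit) and attr(comp, "permission") is None and not launcher:
            findings.append(("exported", f"{comp.tag} {attr(comp, 'name')}"))
    return sorted(findings)
```

Calling `review_manifest(SAMPLE_MANIFEST)` flags the unprotected service and receiver but not the launcher activity or the permission-guarded provider.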

Dynamic (Frida)

Frida-based runtime instrumentation. Requires frida-server running on the target device.

  • Spawn an app under Frida control
  • Attach to a running process
  • Object inspection (Objection wrappers): objection_classes, objection_methods, objection_env
  • One-click bypasses:
    • SSL pinning bypass — Android (OkHttp, X509TrustManager, custom) + iOS (NSURLSession, AFNetworking, TrustKit)
    • Root / jailbreak bypass — common detection libraries
  • Custom scripts — load any Frida JavaScript

Storage

Inspect app-private storage on the device:

  • Shared Preferences (Android) / NSUserDefaults (iOS) — read/write
  • SQLite databases — list / dump tables
  • App files — browse the sandbox tree
  • Pull storage — download the entire data dir

Monitor

Live monitoring of the selected app:

  • logcat filtered to the app’s process
  • iOS syslog filtered similarly
  • Crash detection — auto-pulls native + Java crash reports
  • Network log — all sockets/HTTPS connections from the app, even when not proxied

Proxy Setup

The Proxy Setup action automates getting an app’s traffic into Hugin:

Android

  • Sets device proxy to Hugin’s IP + port
  • Pushes the Hugin CA cert to the system store (rooted devices) or the user store (with NSConfig override hint)
  • Detects + warns about cleartext-traffic settings
  • Optionally toggles certificate pinning bypass via Frida

iOS

  • Generates manual proxy instructions (Settings → Wi-Fi → Configure Proxy)
  • Generates the trust-CA-cert step for the iOS profile installer
  • Optionally toggles SSL pinning bypass via Frida
  • For unjailbroken devices, walks through the full MITM setup, including profile installation

Toolchain

The Toolchain action verifies that the external binaries Hugin shells out to are present on PATH. The current toolchain entries:

  • Android: adb, emulator, jadx, apktool, aapt2
  • Frida: frida, frida-ps, objection
  • iOS (libimobiledevice): idevice_id, ideviceinfo, ideviceinstaller, ideviceimagemounter, idevicescreenshot, idevicesyslog, idevicecrashreport

Missing binaries surface with install hints. Hugin doesn’t bundle these — install via your OS package manager (brew install android-platform-tools libimobiledevice frida on macOS, etc.).

MCP

The mobile MCP tool exposes 50+ actions covering everything in the views: toolchain, devices, device_info, emulator_start, emulator_list, analyze_apk, analyze_ipa, decompile, decode, manifest, network_config, binary_info, scan_secrets, apps, app_info, install, uninstall, launch, stop, clear_data, pull_apk, frida_ps, frida_apps, frida_spawn, frida_attach, ssl_bypass, root_bypass, objection_ssl, objection_env, objection_classes, objection_methods, proxy_setup, proxy_clear, proxy_check, push_ca, check_cleartext, ios_proxy_instructions, shared_prefs, read_shared_pref, databases, dump_database, app_files, pull_storage, logcat, crash_detect, syslog, crashes, raw_shell, forward, reverse.

LLM agents can chain these for autonomous mobile testing — install APK, launch under Frida, bypass SSL pinning, run app to capture traffic, then analyse.