How do I set up reFlutter to intercept traffic with Burp Suite?

After running reFlutter on an APK, specify your Burp Suite IP, then configure Burp to listen on port 8083 with invisible proxying enabled. No certificate installation is needed on Android, as per the traffic interception guide.

Is reFlutter better than using Frida for Flutter apps?

reFlutter is specialized for Flutter with pre-patched engines, making traffic interception easier, but Frida offers more general scripting capabilities; choose based on whether you need Flutter-specific patches or flexible hooking.

Can reFlutter bypass all types of certificate pinning in Flutter?

The README states it helps bypass some Flutter certificate pinning implementations, but not all, so you might need additional techniques for robust bypass depending on the app's specific implementation.

How to extract the Dart code dump from an Android app using reFlutter?

Run the repacked app, use adb to pull the dump.dart file from /data/data/ /, but you must first manually find the correct offset for _kDartIsolateSnapshotInstructions, which adds a step of binary search.

Does reFlutter work with the latest Flutter version?

reFlutter supports stable and beta releases via enginehash.csv, but compatibility depends on pre-built patches; check the repository for updates as new Flutter versions may require new engine builds.

How to build a custom patched engine with reFlutter?

Use the provided Docker image, set environment variables like HASH_PATCH and COMMIT from enginehash.csv, and edit the source code during the build process, but this requires Docker knowledge and Flutter source familiarity.

Open-Awesome

reFlutter

GPL-3.0Pythonios-v2-f10776149bf76be288def3c2ca73bdc1

A reverse engineering framework for Flutter apps, enabling traffic interception and dynamic analysis via patched Flutter engines.

GitHub

1.5k stars188 forks0 contributors

What is reFlutter?

reFlutter is a reverse engineering framework specifically designed for Flutter applications. It provides pre-patched Flutter engine libraries that modify snapshot deserialization to enable dynamic analysis and traffic interception, helping security researchers inspect app behavior and network communication.

Target Audience

Security researchers, penetration testers, and mobile app developers focused on Flutter app security assessment and vulnerability discovery.

Value Proposition

Developers choose reFlutter for its ready-to-use patched engines, which simplify traffic interception and code analysis without requiring root access on Android, and its support for custom patch development via Docker.

Overview

Flutter Reverse Engineering Framework

Use Cases

Best For

Intercepting and analyzing network traffic from Flutter apps
Performing dynamic analysis on Flutter application code
Bypassing certificate pinning in Flutter applications
Reverse engineering Flutter apps for security assessments
Inspecting DartVM-loaded classes and functions during runtime
Developing custom patches for Flutter engine modifications

Not Ideal For

Projects requiring only static binary analysis without runtime intervention
Teams needing real-time debugging of Flutter apps with standard IDE tools
Environments where modifying app binaries is prohibited or impractical
Reverse engineering tasks focused on non-Flutter mobile frameworks

Pros & Cons

Pros

Traffic Interception Simplified

The patched socket.cc enables seamless network traffic monitoring through proxies like Burp Suite without root access on Android, as outlined in the traffic interception section.

Dynamic Code Analysis

Modified dart.cc prints DartVM classes, functions, and fields during runtime, aiding code exploration without extensive manual reverse engineering, evidenced by the dumped file examples.

No Root Required on Android

It allows traffic interception and analysis on Android devices without root privileges, simplifying setup compared to other reverse engineering tools.

Custom Patch Development

Includes a Docker-based workflow for manually modifying Flutter source code, enabling researchers to implement and test custom patches for specific needs.

Cons

Limited Data Extraction

The README's To Do list admits it doesn't extract more strings and fields yet, which can hinder comprehensive app analysis and require additional tools.

No Debug Engine Support

It only supports stable and beta Flutter engine releases, lacking debug version support, which may limit testing scenarios for developers.

Manual Configuration Overhead

Users must manually find _kDartIsolateSnapshotInstructions offsets and configure proxy settings, adding complexity and potential errors to the workflow.

Frequently Asked Questions

Related Projects

jadx

Dex to Java decompiler

Stars48,941

Forks5,538

Last commit6 days ago

Apktool

A tool for reverse engineering Android apk files

Stars24,718

Forks3,944

Last commit7 days ago

frida

Clone this repo to build Frida

Stars20,909

Forks2,132

Last commit3 days ago

OWASP Mobile Security Testing Guide

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

Stars12,954

Forks2,748

Last commit2 days ago

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub