{"id":17656,"library":"frida-http","title":"Frida HTTP Module","description":"Frida-http is a module designed to provide Node.js-compatible `http` and `https` client functionality within Frida's GumJS runtime environment. Version 3.0.0 is the current stable release, tightly integrated into the broader Frida ecosystem, with its release cadence generally aligning with major Frida framework updates. This module is primarily used by `frida-compile` to enable the use of standard Node.js HTTP client patterns within injected Frida agents, allowing developers to make network requests from the context of the target process. It differentiates itself by enabling network communication in an environment (Frida's instrumented process) where direct Node.js `http` APIs would otherwise be unavailable, serving as a critical component for dynamic analysis and reverse engineering tasks requiring outbound network communication from the target process.","status":"active","version":"3.0.0","language":"javascript","source_language":"en","source_url":"https://github.com/frida/frida-http","tags":["javascript","frida"],"install":[{"cmd":"npm install frida-http","lang":"bash","label":"npm"},{"cmd":"yarn add frida-http","lang":"bash","label":"yarn"},{"cmd":"pnpm add frida-http","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"Since Frida 17.0.0 and modern `frida-compile` versions, ES Modules (ESM) syntax is the recommended approach. While CommonJS might work with older setups, ESM ensures compatibility and proper bundling within Frida agents.","wrong":"const http = require('frida-http');","symbol":"http","correct":"import { http } from 'frida-http';"},{"note":"For secure HTTP (HTTPS) requests, `frida-https` is the dedicated module, typically used alongside `frida-http`. It also follows the ESM-first pattern.","wrong":"const https = require('frida-https');","symbol":"https","correct":"import { https } from 'frida-https';"},{"note":"Type imports for `IncomingMessage` (and `ClientRequest`) are essential when using TypeScript for agent development, providing type safety for HTTP response objects.","symbol":"IncomingMessage","correct":"import { IncomingMessage } from 'frida-http';"}],"quickstart":{"code":"import { http, IncomingMessage, ClientRequest } from 'frida-http';\nimport { https } from 'frida-https'; // Assuming frida-https also exists for SSL/TLS\n\nrpc.exports = {\n  /**\n   * Makes an HTTP or HTTPS GET request from the injected Frida agent.\n   * The response body (truncated) and status are sent back to the host.\n   * @param {string} url The URL to fetch.\n   * @param {boolean} useHttps Whether to use HTTPS (requires frida-https).\n   */\n  fetchUrl(url: string, useHttps: boolean = false): void {\n    const client = useHttps ? https : http;\n    \n    const req: ClientRequest = client.get(url, (res: IncomingMessage) => {\n      let data = '';\n      res.setEncoding('utf8');\n      res.on('data', (chunk: string) => {\n        data += chunk;\n      });\n      res.on('end', () => {\n        const truncatedBody = data.length > 200 ? data.substring(0, 200) + '...' : data;\n        send({\n          type: 'response',\n          url: url,\n          statusCode: res.statusCode,\n          headers: res.headers,\n          body: truncatedBody,\n        });\n      });\n    });\n\n    req.on('error', (e: Error) => {\n      send({\n        type: 'error',\n        url: url,\n        message: e.message,\n      });\n    });\n\n    req.end();\n    console.log(`[Frida Agent] Attempted to fetch: ${url}`);\n  },\n};\n\nconsole.log('[Frida Agent] Frida-HTTP agent initialized. Call rpc.exports.fetchUrl(url, useHttps) from host.');","lang":"typescript","description":"This Frida agent script demonstrates making HTTP and HTTPS GET requests using `frida-http` and `frida-https` from within the target process, sending results back to the host controller."},"warnings":[{"fix":"Ensure your Frida agent compilation process (e.g., with `frida-compile`) is updated to explicitly bundle `frida-http` and other runtime bridges. Use ES Module `import` syntax in your agent scripts.","message":"With Frida 17.0.0, runtime bridges like `frida-http` are no longer implicitly bundled within Frida's GumJS runtime. Agents relying on these modules must now be explicitly compiled using `frida-compile` (or similar bundler) to include these dependencies, and should use ES Module (ESM) syntax. This requires adjusting agent build processes.","severity":"breaking","affected_versions":">=17.0.0 of Frida / >=14.0.0 of frida-tools"},{"fix":"To proxy traffic or trust custom certificates, you must configure the target application's network settings, install certificates within the target device's trust store, or use Frida's APIs to hook network functions directly for custom proxying/certificate handling within the injected process.","message":"Network requests initiated via `frida-http` execute within the network context of the *target process*, not the host machine where your Frida client (Node.js/Python) is running. This means any host-level network configurations (proxies, VPNs, custom DNS, system-wide CA certificates) will not automatically apply to requests made by the injected agent.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Verify `frida-compile` is installed and up-to-date. Configure your `tsconfig.json` to output ES Modules and ensure `frida-http` is listed in your agent's dependencies if using a bundler, or included in the `frida-compile` command's input files.","message":"When developing Frida agents with TypeScript, ensuring that `frida-http` is correctly bundled and transpiled for the target environment can be challenging. Incorrect `tsconfig.json` settings or an outdated `frida-compile` setup can lead to module resolution failures or syntax errors in the injected script.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"Use `frida-compile` to bundle your agent script. Ensure `frida-http` is specified as a dependency in your agent's `package.json` (if applicable) or explicitly included in the `frida-compile` input files, and compile with ES Module target.","cause":"The Frida agent script was not correctly bundled or compiled to include the `frida-http` module before injection into the target process.","error":"Error: Module not found: 'frida-http'"},{"fix":"Update your agent script to use ES Module `import` syntax: `import { http } from 'frida-http';`. Ensure your `frida-compile` configuration supports ES Modules output.","cause":"Attempting to use CommonJS `require()` syntax for `frida-http` in a Frida agent that is expecting ES Modules (which is the default for modern Frida and `frida-compile`).","error":"TypeError: require is not a function"},{"fix":"Check the network connectivity and DNS resolution capabilities of the target device/process. Ensure the device has internet access and correct DNS settings. For emulators, verify host-side DNS forwarding.","cause":"The target process or device where the Frida agent is running failed to resolve the domain name (DNS issue) for the requested URL.","error":"HTTP request error: getaddrinfo EAI_AGAIN example.com"},{"fix":"This typically occurs when intercepting HTTPS traffic with a proxy. Install your proxy's CA certificate into the target device's trust store. For Android, this often involves rooting the device and moving the certificate to `/system/etc/security/cacerts/`.","cause":"The target process's trust store does not contain a valid certificate authority (CA) to verify the SSL/TLS certificate of the HTTPS server being contacted.","error":"HTTP request error: unable to verify the first certificate"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}