frida-universal-pinning-bypasser
4 views
2d772283...
Description
Another universal ssl certificate pinning bypass script for Android (https://gist.github.com/akabe1/ac6029bf2315c6d95ff2ad00fb7be1fc)
How to Use
Download the script and run it with Frida CLI:
Download ScriptThen run with Frida:
frida -U -f YOUR_PACKAGE_NAME -l frida-universal-pinning-bypasser.js
Replace YOUR_PACKAGE_NAME with the target app's package name.
Source Code
JavaScript
/* Another universal ssl certificate pinning bypass script for Android
by Maurizio Siddu
Run with:
frida -U -f [APP_ID] -l frida_universal_pinning_bypasser.js --no-pause
*/
setTimeout(function() {
Java.perform(function() {
console.log('');
console.log('======');
console.log('[#] Android Universal Certificate Pinning Bypasser [#]');
console.log('======');
// TrustManagerImpl Certificate Pinning Bypass
try {
var array_list = Java.use('java.util.ArrayList');
var custom_TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl');
//custom_TrustManagerImpl.checkTrustedRecursive.implementation = function(untrustedChain, trustAnchorChain, host, clientAuth, ocspData, tlsSctData) {
custom_TrustManagerImpl.checkTrustedRecursive.implementation = function(a, b, c, d, e, f, g, h) {
//if host:
console.log('[+] Bypassing TrustManagerImpl pinner for: ' + b + '...');
//else:
// console.log('[+] Bypassing TrustManagerImpl pinner...');
var fakeTrusted = array_list.$new();
return fakeTrusted;
}
} catch (err) {
console.log('[-] TrustManagerImpl pinner not found');
}
// OpenSSLSocketImpl Certificate Pinning Bypass
try {
var custom_OpenSSLSocketImpl = Java.use('com.android.org.conscrypt.OpenSSLSocketImpl');
custom_OpenSSLSocketImpl.verifyCertificateChain.implementation = function (g, i) {
console.log('[+] Bypassing OpenSSLSocketImpl pinner...');
}
} catch (err) {
console.log('[-] OpenSSLSocketImpl pinner not found');
}
});
},0);
Comments