Universal Android SSL Pinning Bypass

by avltree9798 December 15, 2025

4 views d0ac2876...

Description

How to Use

Download the script and run it with Frida CLI:

Then run with Frida:


                                frida -U -f YOUR_PACKAGE_NAME -l universal-android-ssl-pinning-bypass.js

Replace YOUR_PACKAGE_NAME with the target app's package name.

Source Code

JavaScript

/*
   Universal Android SSL Pinning Bypass
   by Anthony Viriya (@avltree9798)

   $ frida -U -f org.package.name -l universal-ssl-check-bypass.js --no-pause
*/

Java.perform(function() {
    var TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl');
    var ArrayList = Java.use("java.util.ArrayList");
    TrustManagerImpl.verifyChain.implementation = function(untrustedChain, trustAnchorChain,
        host, clientAuth, ocspData, tlsSctData) {
        console.log("[+] Bypassing TrustManagerImpl->verifyChain()");
        return untrustedChain;
    }
    TrustManagerImpl.checkTrustedRecursive.implementation = function(certs, host, clientAuth, untrustedChain,
        trustAnchorChain, used) {
        console.log("[+] Bypassing TrustManagerImpl->checkTrustedRecursive()");
        return ArrayList.$new();
    };
});

Description

How to Use

Source Code

Comments