Custom PhoneGap SSLCertificateChecker Bypass
99b75c40...
Description
Bypass that replaces the implementation of the custom SSLCertificateChecker.execute(). The app only proceeds if it receives the success callback, so the script sends it.
How to Use
Download the script and run it with Frida CLI:
Then run with Frida:
frida -U -f YOUR_PACKAGE_NAME -l custom-phonegap-sslcertificatechecker-bypass.js
Replace YOUR_PACKAGE_NAME with the target app's package name.
Source Code
JavaScript
/*
 * Frida hook for the Cordova/PhoneGap plugin class
 * nl.xservices.plugins.SSLCertificateChecker.
 *
 * What it does:
 *   - replaces SSLCertificateChecker.execute() so the plugin's own body never
 *     runs (presumably that body holds the certificate check; the plugin
 *     source is not shown on this page);
 *   - reports 'CONNECTION_SECURE' through every org.apache.cordova.CallbackContext
 *     object currently alive in the process;
 *   - returns true to the caller of execute().
 *
 * Review note: the hook works because the check's verdict reaches the app
 * as a plain success callback, which anything able to instrument the process
 * can forge. A verdict produced this way is advisory only; pinning enforced
 * by the platform network stack (e.g. an Android Network Security Config
 * pin-set) and server-side controls do not depend on this callback.
 */
Java.perform(function x() {
  var checkerClass = Java.use("nl.xservices.plugins.SSLCertificateChecker");

  // The third parameter is the CallbackContext handed to this particular
  // call; this replacement does not use it and scans the heap instead.
  checkerClass.execute.implementation = function (action, args, callbackContext) {
    console.log('execute is called');

    var heapScanHandlers = {
      // Invoked once per live CallbackContext found by Java.choose, so the
      // success message is not limited to the context passed to this call;
      // callbacks belonging to unrelated plugin requests receive it too.
      onMatch: function (liveContext) {
        console.log("Found instance: " + liveContext);
        console.log("Sending success");
        liveContext.success('CONNECTION_SECURE');
      },
      // Nothing to do once the scan has finished.
      onComplete: function () {}
    };
    Java.choose("org.apache.cordova.CallbackContext", heapScanHandlers);

    // The original execute(action, args, callbackContext) is deliberately not
    // called; a fixed true is returned in place of its result.
    return true;
  };
});