1. Home
  2. sowdust
  3. Universal Android SSL Pinning Bypass 2

Universal Android SSL Pinning Bypass 2

by
4 views 70f18f4a...

Description

Use this frida script to bypass all SSL checks

How to Use

Download the script and run it with Frida CLI:

Download Script

Then run with Frida:

frida -U -f YOUR_PACKAGE_NAME -l universal-android-ssl-pinning-bypass-2.js

Replace YOUR_PACKAGE_NAME with the target app's package name.

Source Code

JavaScript 
/* 
   Universal Android SSL Pinning Bypass
   by Mattia Vinci and Maurizio Agazzini 

   $ frida -U -f org.package.name -l universal-ssl-check-bypass.js --no-pause

    https://techblog.mediaservice.net/2018/11/universal-android-ssl-check-bypass-2/
*/

Java.perform(function() {

    var array_list = Java.use("java.util.ArrayList");
    var ApiClient = Java.use('com.android.org.conscrypt.TrustManagerImpl');

    ApiClient.checkTrustedRecursive.implementation = function(a1, a2, a3, a4, a5, a6) {
        // console.log('Bypassing SSL Pinning');
        var k = array_list.$new();
        return k;
    }

}, 0);
Share this script:
Twitter LinkedIn

Comments

Login or Sign up to leave a comment.
Loading comments...