unil-esc-pain-reverse/tls_inspection
README.md
HTTPS Inspection Pinning Bypass
- Frida - Somewhat Universal Bypass
  - Easy mode
    - Frida - Somewhat Universal Bypass
      - https://techblog.mediaservice.net/2018/11/universal-android-ssl-pinning-bypass-2/

            frida -U -f org.package.name -l frida_universal_android_pinning_bypass_v2.js --no-pause

  - Harder Mode, requires replacing the trusted root certificate.
    - https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/
    - https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/
Brida - Frida and Burp Integration for Bypass
(But requires reversing the app)
- https://www.hackinbo.it/slides/1508354139_HackInBo%202017%20Winter%20Edition%20-%20Federico%20Dotta%20-%20Advanced%20mobile%20penetration%20testing%20with%20Brida%20-%20141017.pdf
- https://techblog.mediaservice.net/2018/04/brida-a-step-by-step-user-guide/
Demo
adb root
adb push frida-server-14.2.8-android-arm64 /data/local/tmp
adb shell "chmod +x /data/local/tmp/frida-server-14.2.8-android-arm64"
adb shell "/data/local/tmp/frida-server-14.2.8-android-arm64 &"
# if on local laptop
conda activate frida
frida-ps -Uai
com.meross.meross
frida -U -f com.meross.meross -l frida_universal_android_pinning_bypass_v2.js --no-pause
Traffic should be intercepted without problems
com.arlo.app
frida -U -f com.arlo.app -l frida_universal_android_pinning_bypass_v2.js --no-pause
Traffic should be intercepted without problems
com.netatmo.thermostat
frida -U -f com.netatmo.thermostat -l frida_universal_android_pinning_bypass_v2.js --no-pause
Traffic should be intercepted without problems
com.xiaomi.smarthome
Some traffic is already visible without the pinning bypass: it is plain HTTP traffic, which is insecure.
frida -U -f com.xiaomi.smarthome -l frida_universal_android_pinning_bypass_v2.js --no-pause
Traffic should be intercepted without problems
com.nest.android
frida -U -f com.nest.android -l frida_universal_android_pinning_bypass_v2.js --no-pause
Some traffic is intercepted, but some still fails and the app does not load.