Project: iOS Proxy detection bypass

Try this code out now by running

$ frida --codeshare electrondefuser/ios-proxy-detection-bypass -f YOUR_BINARY
/*
Author: Vineet Nair (electrondefuser), Siddharth Saxena (s1dds)
Organization: XYSec Labs (Appknox)
*/
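// Resolve the CFNetwork export that returns the system proxy settings dictionary.
const CFNetwork = Module.getExportByName('CFNetwork', 'CFNetworkCopySystemProxySettings');
console.log("[+] Found CFNetwork as " + ptr(CFNetwork))

// Hook the export so every call is logged and its return value is swapped for a
// dictionary built from getDefaultNetworkingConfig().
//
// Defensive takeaway: a client-side proxy check that trusts this single API result
// can be altered by runtime instrumentation, so it should not be an app's only
// control against traffic interception (pair it with certificate pinning and
// server-side validation).
Interceptor.attach(CFNetwork, {
  onEnter(args) {
    console.log("[+] Detected Proxy Check");
  },
  onLeave(retval) {
    const NSDict = ObjC.classes.NSMutableDictionary.alloc().init();
    const data = getDefaultNetworkingConfig();

    // Copy every entry of the config. The original loop indexed keys[0] on each
    // iteration and passed (key, value) to setObject:forKey:, whose first
    // argument is the object (value) and second the key, so only one
    // reversed entry was ever stored.
    for (const key of Object.keys(data)) {
      NSDict.setObject_forKey_(data[key], key);
    }

    // NOTE(review): the dictionary originally returned by the Copy call is not
    // released here, so each intercepted call presumably leaks it; confirm.
    console.log("[+] Bypassing with iOS default networking values")
    retval.replace(NSDict)
  }
});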
/**
 * Build the replacement proxy-settings entries used by the hook.
 *
 * All three values are plain strings; the hook's log message describes them
 * as the iOS default networking values (no proxy host or port keys present).
 *
 * @returns {{FTPPassive: string, ExceptionsList: string, __SCOPED__: string}}
 *   A fresh object on every call.
 */
function getDefaultNetworkingConfig() {
  return {
    FTPPassive: '1',
    ExceptionsList: '("*.local", "169.254/16")',
    __SCOPED__: '{ en0 = {ExceptionsList = ("*.local", "169.254/16"); FTPPassive = 1; }; }',
  };
}

Fingerprint: 42d97ab9a302df2a8b7957b528c983771c4113dd26623c366f53557f5afbe8ba