Frida CodeShare

Project: iOS Proxy detection bypass

Try this code out now by running

$ frida --codeshare electrondefuser/ios-proxy-detection-bypass -f YOUR_BINARY

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
/* 
    Author: Vineet Nair (electrondefuser), Siddharth Saxena (s1dds)
    Organization: XYSec Labs (Appknox)
*/
const CFNetwork = Module.getExportByName('CFNetwork', 'CFNetworkCopySystemProxySettings');
console.log("[+] Found CFNetwork as " + ptr(CFNetwork))
Interceptor.attach(CFNetwork, {
    onEnter(args) {
        console.log("[+] Detected Proxy Check");
    },
    onLeave(retval) {
        var NSDict = ObjC.classes.NSMutableDictionary.alloc().init();
        var data = getDefaultNetworkingConfig();
        var keys = Object.keys(data);
        for (var i = 0; i < keys.length; i++) {
            NSDict.setObject_forKey_(keys[0], data[keys[0]]);
        }
        console.log("[+] Bypassing with iOS default networking values")
        retval.replace(NSDict)
    }
});
function getDefaultNetworkingConfig() {
    var config = {
        "FTPPassive": "1",
        "ExceptionsList": "(\"*.local\", \"169.254/16\")",
        "__SCOPED__": "{ en0 = {ExceptionsList = (\"*.local\", \"169.254/16\"); FTPPassive = 1; }; }"
    }
    return config
}
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Fingerprint: 42d97ab9a302df2a8b7957b528c983771c4113dd26623c366f53557f5afbe8ba