Universal Android SSL Pinning Bypass with Frida
98 | 376K
Uploaded by: @pcipolloni
Android SSL Re-Pinning, more information can be found here https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/
Android SSL Re-Pinning, more information can be found here https://techblog.mediaservice.net/2017/07/universal-android-ssl-pinning-bypass-with-frida/
Another Android ssl certificate pinning bypass script for various methods (https://gist.github.com/akabe1/5632cbc1cd49f0237cbd0a93bc8e4452)
Android antiroot checks bypass
Observe all method calls to a specific class (e.g. observeClass('LicenseManager')) , or dynamically resolve methods to observe using ApiResolver (e.g. observeSomething('*[* *Password:*]')). The script tries to do its best to resolve and display input parameters and return value. Each call log comes with its stacktrace.
Find out which functions are called by a given function on the next call
Show useful info about AES encryption/decryption at application runtime
Developers of Android applications usually tend to add additional "protection" (e.g. AES encryption) to their proprietary communication protocols, or to encrypt local files in order to hide some sensitive information. This snippet intercepts Java Crypto API in Android application, prints a symmetric key, algorithm spec, and a plain data right before the final encryption (as well as a cipher data right before the decryption).
Use this frida script to bypass all SSL checks
List iOS file data protection classes (NSFileProtectionKey) of an app
Libc-based anti-frida bypass (strstr)
find android hook: inline hook/got hook/java hook
Bypass antiroot detection for Xamarin apps!
iOS通用脱壳脚本 dumpdecrypted with frida to dump iOS encrypted binary
Trace the JNI API in Android apps.
Implementation of Okhttp3 network interceptor
Observe file system accesses by hooking some java.io.File* classes and methods, libc open/read functions and try to resolve associtation between file descriptor and path. Optionally, it can dumps the data.