amazing frida ssl-bypass guide, not my own
Some resources referenced:
Defeating Android Certificate Pinning with Frida
Android Pen-testing - Bypass SSL pinning
Setting up adb
- Download adb here.
- Extract the files.
- Run adb.exe from the extracted location.
- To test if ADB is working, run:
# make sure the virtual Android device is running, or that a physical Android device with USB debugging switched on is connected to the attacking machine
.\adb devices
Setting up Frida framework
# make sure python3 is installed
pip install frida
pip install frida-tools
Troubleshooting if “frida” command is not found
- You may encounter a situation where the “frida” or “frida-ps” command is not found.
- This is due to the PATH environment variable not being configured properly.
- Look for frida.exe on your machine (possibly located at “C:\Users\Username\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\Scripts")
- Add that directory to PATH.
Getting Frida server
- You may find all the releases here.
- Look for the release that matches the architecture of the test Android device.
- Check the architecture with this command (on the attacking machine):
.\adb.exe shell getprop ro.product.cpu.abi
Getting Frida SSL Unpinning .js script
Running the script
# copy the server file and the .js script to the Android device
.\adb.exe push frida-server-15.1.14-android-x86 /data/local/tmp
.\adb.exe push unpin2.js /data/local/tmp
# open a shell on the Android device
.\adb.exe shell
# switch to root user (optional)
su
# go to the /data/local/tmp directory, to which the server file was copied
cd /data/local/tmp
# change the server file permission
chmod 755 fri*
# run the server file in the background
./frida-server-15.1.14-android-x86 &
# back on the attacking machine (outside the adb shell), look for the process name of the app whose certificate pinning you need to bypass
frida-ps -U | findstr -i yourapp
# run the script against that app over USB
frida -U 'YourApp' -l unpin2.js --no-pause
- Try to access the app function again for the bypass to take effect.
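The same architecture check and the last two frida commands, done through the Frida Python bindings instead of the CLI. This is an added example, not part of the original guide; the helper names (`server_asset_name`, `find_process`, `attach_and_load`) and the `15.1.14` version string are assumptions, and `attach_and_load` only works with a device connected and frida-server already running on it.

```python
"""Programmatic version of the adb / frida-ps / frida steps above.
Added example; assumes `pip install frida` and a USB-connected device for
attach_and_load(). The other helpers run without a device."""
import subprocess

# Map the value of `ro.product.cpu.abi` to the suffix of the matching
# frida-server release asset (e.g. frida-server-15.1.14-android-x86 for an
# x86 emulator). A mismatch here is the most common reason the server
# fails to start on the device.
ABI_TO_ASSET = {
    "arm64-v8a": "android-arm64",
    "armeabi-v7a": "android-arm",
    "x86": "android-x86",
    "x86_64": "android-x86_64",
}


def server_asset_name(abi: str, version: str) -> str:
    """Return the frida-server file name to download for this ABI/version."""
    abi = abi.strip()  # getprop output carries a trailing newline
    if abi not in ABI_TO_ASSET:
        raise ValueError(f"unsupported ABI reported by device: {abi!r}")
    return f"frida-server-{version}-{ABI_TO_ASSET[abi]}"


def device_abi(adb: str = "adb") -> str:
    """Run `adb shell getprop ro.product.cpu.abi` and return the trimmed value."""
    result = subprocess.run([adb, "shell", "getprop", "ro.product.cpu.abi"],
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


def find_process(processes, name_fragment: str):
    """Case-insensitive substring match, like `frida-ps -U | findstr -i yourapp`.
    `processes` is any iterable of objects exposing .name and .pid."""
    needle = name_fragment.lower()
    return [p for p in processes if needle in p.name.lower()]


def attach_and_load(name_fragment: str, script_path: str = "unpin2.js"):
    """Attach to the running app over USB and load the unpinning script,
    the equivalent of `frida -U 'YourApp' -l unpin2.js`."""
    import frida  # imported here so the pure helpers above need no device
    device = frida.get_usb_device(timeout=5)
    matches = find_process(device.enumerate_processes(), name_fragment)
    if len(matches) != 1:  # refuse to guess between e.g. app and its :service
        raise RuntimeError(f"expected one match, got {[p.name for p in matches]}")
    session = device.attach(matches[0].pid)
    with open(script_path, encoding="utf-8") as fh:
        script = session.create_script(fh.read())
    script.on("message", lambda msg, data: print("[frida]", msg))
    script.load()
    return session
```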