Commit

Fixes #2824 (#2873)
Co-authored-by: Jeroen Beckers <[email protected]>
TheDauntless and Jeroen Beckers authored Aug 12, 2024
1 parent daf4fc2 commit b12f25e
Showing 2 changed files with 9 additions and 4 deletions.
3 changes: 2 additions & 1 deletion techniques/android/MASTG-TECH-0012.md
Expand Up @@ -13,7 +13,6 @@ This section describes various ways to bypass SSL Pinning and gives guidance abo

There are several ways to bypass certificate pinning for a black box test, depending on the frameworks available on the device:

- Cydia Substrate: Install the [Android-SSL-TrustKiller](https://github.com/iSECPartners/Android-SSL-TrustKiller "Android-SSL-TrustKiller") package.
- Frida: Use the [frida-multiple-unpinning](https://codeshare.frida.re/@akabe1/frida-multiple-unpinning/ "Project: frida-multiple-unpinning") script.
- Objection: Use the `android sslpinning disable` command.
- Xposed: Install the [TrustMeAlready](https://github.com/ViRb3/TrustMeAlready "TrustMeAlready") or [SSLUnpinning](https://github.com/ac-pm/SSLUnpinning_Xposed "SSLUnpinning") module.
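Review bot: the hunk header (-13,7 +13,6) records one deleted line inside this framework list, but the rendered view does not mark which bullet was removed, so a reader of this commit cannot see which bypass option was retired; please state the removed entry and the reason (e.g. the project is unmaintained) in the commit description or the PR. Also check that the lead sentence "depending on the frameworks available on the device" still matches the shortened list.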
Expand All @@ -30,6 +29,8 @@ Here's an example of the output:

See also [Objection's help on Disabling SSL Pinning for Android](https://github.com/sensepost/objection/blob/master/objection/console/helpfiles/android.sslpinning.disable.txt) for further information and inspect the [pinning.ts](https://github.com/sensepost/objection/blob/master/agent/src/android/pinning.ts "pinning.ts") file to understand how the bypass works.

Note that the frida-multiple-unpinning script from @MASTG-TOOL-0032 covers more scenarios than the Objection script.

## Bypass Custom Certificate Pinning Statically

Somewhere in the application, both the endpoint and the certificate (or its hash) must be defined. After decompiling the application, you can search for:
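Review bot: the added sentence "covers more scenarios than the Objection script" is unqualified; say which scenarios (for example the extra pinning implementations the script hooks) or link to the script's description so readers can decide which bypass to try first. The earlier list refers to Objection's `android sslpinning disable` command rather than an "Objection script", so use the same wording here for consistency.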
10 changes: 7 additions & 3 deletions tools/generic/MASTG-TOOL-0032.md
Expand Up @@ -4,12 +4,16 @@ platform: generic
source: https://codeshare.frida.re/
---

[Frida CodeShare](https://codeshare.frida.re/ "Frida CodeShare") is a repository containing a collection of ready-to-run Frida scripts which can enormously help when performing concrete tasks both on Android as on iOS as well as also serve as inspiration to build your own scripts. Two representative examples are:
[Frida CodeShare](https://codeshare.frida.re/ "Frida CodeShare") is a repository containing a collection of ready-to-run Frida scripts which can enormously help when performing concrete tasks both on Android as on iOS as well as also serve as inspiration to build your own scripts. Some examples of useful scripts:

- Universal Android SSL Pinning Bypass with Frida - <https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/>
- Frida Multiple Unpinning - <https://codeshare.frida.re/@akabe1/frida-multiple-unpinning/>
- Disable Flutter TLS verification - <https://codeshare.frida.re/@TheDauntless/disable-flutter-tls-v1/>
- ObjC method observer - <https://codeshare.frida.re/@mrmacete/objc-method-observer/>
- JNI Trace - <https://codeshare.frida.re/@chame1eon/jnitrace/>
- Dump dynamically loaded DEX - <https://codeshare.frida.re/@cryptax/inmemorydexclassloader-dump/>
- Enable iOS WebInspector - <https://codeshare.frida.re/@leolashkevych/ios-enable-webinspector/>

Using them is as simple as including the `--codeshare <handler>` flag and a handler when using the Frida CLI. For example, to use "ObjC method observer", enter the following:
Using them is as simple as including the `--codeshare <script>` flag with the chosen script when using the Frida CLI. For example, to use "ObjC method observer", enter the following:

```bash
frida --codeshare mrmacete/objc-method-observer -f YOUR_BINARY
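Review bot: the rewritten intro line still carries the grammatical slip "both on Android as on iOS as well as also serve" from the original; since the line is being replaced anyway, simplify it to "both on Android and iOS, and also serve as inspiration". The new placeholder `--codeshare <script>` does not match the form of the example `mrmacete/objc-method-observer`; `<author>/<script-name>` would make the expected argument clear. Since a CodeShare script runs with Frida's full access to the instrumented process, it is worth adding one sentence recommending that readers inspect the script source on CodeShare before running it against a target.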