Bypass SSL Pinning With FRIDA

Before we proceed, let’s have a look at the tools necessary for FRIDA SSL pinning

Tools Needed

  • Android Emulator (Nox: https://www.bignox.com/)
  • Python3 on the windows machine
  • Ubuntu on windows
  • Frida
  • ADB
  • SSL Pinned APK

Ubuntu on Windows

Install Ubuntu from Microsoft Store (if it asks for account creation click no or skip)

After Your user has been setup. Install the following on ubuntu

  • sudo apt-get install pip3
  • pip3 install frida-tools
  • pip3 install frida
  • pip3 install objection

To check if Frida is properly installed or not

  • frida –version

NOX EMULATOR

You will require android 7 for this. Nox Multi drive □ add emulator □ select android7

SSL PINNED APK

First, we need package name of the SSL pinned apk that can be achieved through app called apk analyzer

Open it and find your apk save the package as we need it later

Secondly, we need to check the architecture of or emulator before we download Frida server

I have used Droid Hardware apk. Our architecture is x86. So, we will download Frida server for x86

Download Frida server from GitHub release page

Extract the Frida -server using 7zip or something similar

Go the location where NOX has been installed

Open the cmd terminal on the same location

ADB

First copy the Frida server to /data/local/tmp (with the help of adb). We need to push the server to shell

  • Command: adb push \ /data/local/tmp

Example:

  • adb push: C:\Users\uzmakin\Desktop\Frida\frida-server-12.8.20-android-x86\frida-server-1 2.8.20-android-x86 /data/local/tmp

Now Execute the following

  • adb shell
  • cd /data/local/tmp
  • chmod 755 frida-server-12.8.20-android-x86
  • ls -al
  • ./ frida-server-12.8.20-android-x86 ( this will make the frida server running)

UBUNTU on Windows Cont.

Execute the following

  • frida-ps -u | grep
  • objection -g explore -q
  • android sslpinning disable

Now u have your unpinned app now burp will be able to capture the traffic. You need to keep it running when pen testing is going.

Harsh Savla is the Information Security Consultant at qSEAp Infotech pvt. ltd.
Contact: +919594166642| harsh.savlai@qseap.com

Share Blog