Certificate Pinning Bypass (Android)
Bypassing certificate pinning using three different methods: Frida, Xposed Framework with JustTrustMe, and Modifying APK.
Method 1: Frida
Frida is a powerful tool for dynamic instrumentation, allowing you to hook into an app's runtime and modify its behavior.
Steps to Implement Certificate Pinning Bypass with Frida:
Set Up Your Environment:
Install the Frida client on your computer and the Frida server on your Android testing device.
Create a Bypass Script:
Write a Frida script to bypass SSL pinning and save it as bypass_script.js.
Run the Script:
Use Frida to run the script against the app on your Android device. Make sure the device is connected and the Frida server is running.
Test the App:
Interact with the app and monitor network traffic using tools like Burp Suite to ensure the certificate pinning is bypassed.
Method 2: Xposed Framework with JustTrustMe
Prerequisites
Rooted Android Device: Ensure your device is rooted to install the Xposed Framework.
Xposed Framework Installed: The Xposed Framework should be installed on your rooted device.
Steps:
Root Your Android Device:
Install Xposed Framework:
Install the Xposed Installer APK on your device.
Open the Xposed Installer and install the framework by selecting "Framework" and then "Install/Update."
Reboot your device to apply the changes.
Install JustTrustMe Module:
Open the Xposed Installer app.
Go to the "Downloads" section and search for the "JustTrustMe" module.
Download and install the JustTrustMe module.
After installation, go to the "Modules" section in the Xposed Installer and check the box next to JustTrustMe to activate it.
Reboot Your Device:
Reboot your device to apply the changes and ensure the module is active.
Test the App:
Open your app and perform actions that require network communication.
With JustTrustMe active, the app's certificate pinning checks are disabled, allowing Burp Suite to intercept and analyze the traffic.
Monitor Network Traffic:
Use Burp Suite to monitor and analyze the intercepted traffic. You should now be able to see and manipulate the otherwise TLS-encrypted data that the app sends and receives.
Method 3: Modifying the APK
Prerequisites
APKTool installed on your computer.
Java Development Kit (JDK) installed.
Android Debug Bridge (ADB) installed and set up.
Rooted Android Device (optional for some steps).
Set Up Your Environment:
Ensure you have APKTool, JDK, and ADB installed.
Set up the environment variables for JDK and ADB for easy access.
Decompile the APK:
Use APKTool to decompile the APK. This will convert the APK into a set of readable files and folders.
The yourapp directory will contain the decompiled files.
Locate Certificate Pinning Logic:
Navigate through the decompiled files to find the network-related code. This is usually located in classes related to SSL/TLS connections.
Use a text editor or IDE to search for keywords like TrustManager, HostnameVerifier, checkServerTrusted, or SSLContext.
Modify the Code:
Modify the pinning logic to bypass the certificate checks. You can either comment out the pinning logic or modify it to accept all certificates.
Ensure every place the pinning is enforced is changed, not just the first one you find.
Recompile the APK:
Use APKTool to recompile the modified APK.
The recompiled APK (yourapp-modified.apk) will be generated in the specified output directory.
Sign the APK:
The recompiled APK needs to be signed before it can be installed on your device. Use the JDK's jarsigner tool to sign the APK with a debug certificate.
When prompted, use the default keystore password (android).
Install the Modified APK:
Use ADB to install the modified APK on your Android device.
If the app is already installed, you may need to uninstall the existing version first:
Test the App:
Open the modified app on your Android device and perform actions that require network communication.
Use tools like Burp Suite to intercept and analyze the traffic. The certificate pinning should be bypassed, allowing you to intercept the SSL/TLS traffic.
Ensure your Android device is rooted. You can find specific guides for rooting your device based on its model and Android version. Popular tools for rooting include and .
Follow the for details
Download the Xposed Installer APK from the .