Setup FRIDA for (Bypass SSL Pinning)
- First, need to run android emulator and make sure ADB connection is okay
- Run “su” command to run as root
adb shell
su
- Run this command on terminal after emulator is up, to identify the CPU Architecture of the emulator
adb shell getprop ro.product.cpu.abi
- Download FRIDA Server at https://github.com/frida/frida/releases , based on CPU architecture
- Extract the “frida-server-12.8.20-android-x86.xz”
- Rename the extracted file become “FRIDA-Server”
- Move the extracted “FRIDA-Server” to the android emulator at /data/local/tmp location (By running this command)
adb push FRIDA-Server /data/local/tmp
- Install FRIDA-Tools in host (Linux), by following this manual installation at https://frida.re/docs/installation/
- Give execute permission on current user execute the file on emulator
chmod +x FRIDA_Server
- Run the Frida Server in the emulator
./frida-server &
- Run the Mobile Application that need to be tested on the emulator
- Next, to find the Application package name, Run this command on host terminal
frida-ps -U
- Command to Bypass SSL Pinning
frida -l ssl_pinning.js -U -f com.app.my --no-pause
Now you can start intercept your mobile application using Burp Suite or OWASP Zap tools.
Thanks you to all readers.
- Get the SSL Pinning Script from here https://codeshare.frida.re/
- Sample code : ssl.js
Java.perform(function() {var array_list = Java.use("java.util.ArrayList");
var ApiClient = Java.use('com.android.org.conscrypt.TrustManagerImpl');ApiClient.checkTrustedRecursive.implementation = function(a1, a2, a3, a4, a5, a6) {
// console.log('Bypassing SSL Pinning');
var k = array_list.$new();
return k;
}}, 0);