Android Pen-testing - Bypass SSL pinning

Рет қаралды 51,812

Күн бұрын

Пікірлер: 50

@kalisettyhashika5327 2 жыл бұрын

Thank you for this video! This video has given me confidence to test android applications. Hope you continue making such amazing videos! Cheers!

@psychorockz123 4 жыл бұрын

@BitsPlease Great tutorial. You explained each step very well. However the automated script injection may not work for most applications. Could you make a video explaining how to manually tamper with the smali code and bypass pinning?

@prarthanarao8406 4 жыл бұрын

Thanks , this really helped with the issues I was Facing !

@BitsPlease 4 жыл бұрын

Thanks Prarthana. Glad it helped.

@wikali6128 5 жыл бұрын

Look like you missed an important step, once you pushed the cert generated by Burp suite to android emulator but you haven't installed it .....so placed it in /data/local/temp

@BitsPlease 5 жыл бұрын

Thanks for pointing it out Wika Li. Yes, you gotta go to your device and install the certificate. i believe my earlier certificate is still doing the job.

@DeeptimanPattnaik1991 5 жыл бұрын

Very nicely done, very well explained , Thank you :)

@ngeeannboiii8554 3 жыл бұрын

16:04 . Command line at the right is cut off. what is the full command to run the .js file??

@tulsirao2764 4 жыл бұрын

awesome video..thanks a lot for the detailed video and android pt series.

@TekTok 4 жыл бұрын

i face this issue "Failed to spawn: the 'argv' option is not supported when spawning Android apps" can you help me pls

@Thunder-dp7du 3 жыл бұрын

Great video what If the communication has been encrypt any other way to bypass it.

@sangameshr.t.2476 2 жыл бұрын

Is there any way to stop this bypass ? I have tried adding public key and adding certificate to the code but it still being bypassed.

@Exrienz 5 жыл бұрын

where is the link for frida ssl repinning script?

@Hacking_vibe 2 жыл бұрын

I need that

@dimassahidabdullah1183 2 жыл бұрын

why did my script doesn't work for bypass ssl pinning? I got the script from Frida's Website

@m7zr 8 ай бұрын

Same… did you fix it?

@nopenope5949 8 ай бұрын

Nope@@m7zr

@righamjain9457 3 жыл бұрын

Can you please tell me the version of Twitter app you are using as the version i tried to install on Android v7.1 is giving me error

@gcpa7539 5 жыл бұрын

what android emulator you are using on the video?

@BitsPlease 5 жыл бұрын

I’m using Genymotion.

@gcpa7539 5 жыл бұрын

@@BitsPlease thanks

@smartcontract647 3 жыл бұрын

I'm getting an error: Failed to spawn: the 'argv' option is not supported when spawning Android apps, Can anyone help me?

@arcanghelfernandez3856 5 жыл бұрын

This could have been a very good step by step installing Frida, however did not provide detailed information especially for beginners

@FortniteBRLeaks 4 жыл бұрын

Yeah this tutorial is horrible. I'm moving onto someone else who can explain it better

@mersalmakers1577 3 жыл бұрын

Sir how can I get hook.js file?

@wazzygray 5 жыл бұрын

Which os you're using

@habeebkhaa5057 3 жыл бұрын

Thanks a lot, this really helped a lot.

@viralshah2855 5 жыл бұрын

Hi Can you do this with xposed framework with SSL unpinning or any other simillar module?. Please show detail process how to install and use xposed framework and modules

@bayronkentoy 5 жыл бұрын

What android version did you used ?

@BitsPlease 5 жыл бұрын

I'm using Android 8.0 (API level 26).

@joyoe 4 жыл бұрын

@@BitsPlease then sir, do plz tell me, during executing "rida -U -f com.twitter.android -l frida-android-repinning.js --no-paus", I ran into error "[o] Error: java.io.FileNotFoundException: /data/local/tmp/cert-der.crt (Permission denied) ", I believe it is because I'm using Magisk for rooting, it doesn't change the adbd into root, so I won't be about to access to "cert-der.crt" in system directory, plz correct me if I'm wrong, and besides, if yes, how did you fix this? I'm using Android 9.0, thanks for answering

@manojkansal02 5 жыл бұрын

#BitsPlease @BitsPlease Could you please help me as i am not able to make a connection with genymotion/virtualbox and burpsuite. What type of connection setting in need to setup in virtual box and which ip i need to config to set up over wifi not using LAN.