Рет қаралды 8,636
#android #sslpinning #frida #pentest #mobilesecurity #mitm
Hey Guys, in this video i have explained about capturing the HTTPS traffic from a very well obfuscated android application. Since the app is obfuscated and using SSL Pinning even if an attacker tries to intercept the network traffic by performing man in the middle attack (MiTM), he or she will only get TLS negotiation failed error message on their proxy server. In this video you will see how we can bypass SSL Pinning using frida framework.
The sample application which we have used here is from httptoolkit. The reason why i have chosen this app is because it is using different networking libraries for performing SSL Pinning so you will be able to get an idea about how we can bypass SSL Pinning checks in different apps.
You can either download the release build of this application or build it by yourself from the source code from their github repository: github.com/httptoolkit/androi...
Here is the frida script which we have used in this video: codeshare.frida.re/@akabe1/fr...
I hope you like the content and if you find it useful then don't forget to hit the like button and subscribe to this channel.
You can also buy me a coffee: www.buymeacoffee.com/secfatalz