I don't have a lot of experience working with rotating proxies, but I'm not sure if there is a good way to intercept traffic if your IP is regularly being changed.

I haven't looked at Instagram specifically, but some apps will implement some more robust SSL pinning that is more difficult to bypass. This bypass method will work for most apps, but if they have more robust protections in place, it may require some reverse engineering and custom scripting in order to bypass it. You can also try some of the Frida scripts from the Frida Codeshare. Sometimes I find that one of those scripts will work when Objection won't.

@@CorSecure thank you for your answer. I tested all codeshare from frida I find and no one worked. The solution is indeed scripting and RE but This is too hard for me.

Unfortunately it is not persistent. You will have to launch the app with Objection and re-run the command every time you want to bypass SSL pinning.

This video is for iPhone. I have a few other videos for using Frida with Android. Samsung shouldn't be any different than other Androids. Using Frida usually does requires the phone to be rooted though, and it can be a bit difficult to root Samsung devices. I'm linking a couple videos below. The first one is the typical way to use Frida with a rooted device, and the second is a way to use Objection with non-rooted devices. The second one takes some extra work, but it's an option if you don't have a rooted device. I hope these can help. kzbin.info/www/bejne/iWm0pWSajMuDoNU kzbin.info/www/bejne/p5Ktc4qZqsp2f6M

Did you use palera1n to jailbreak your iphone? I don't think I've ever seen this issue, but I found this thread where several people said were facing this issue after using the unc0ver jailbreak. github.com/frida/frida/issues/1202 Also if you are using a Mac, you can try running Xcode like the error message suggests. If that doesn't work, maybe try re-jailbreaking with palera1n.

iOS emulators don't really exist. You usually need a physical device in order to test iPhone apps. I would recommend trying to find a used iPhone from ebay or somewhere like that to use as your testing device.

I cover that in my video about jailbreaking kzbin.info/www/bejne/bIXPqaaIZr6goassi=pzkLEE1bT0t1Xfai

I haven't looked at Facebook specifically, but some apps will sometimes use much more sophisticated certificate pinning and certificate transparency protections that can be very difficult to bypass. For most apps that use basic SSL pinning, they can usually be bypassed with tools like frida and objection like I showed in this video, but for apps that use those more sophisticated protections, you would probably need to do some pretty intense reverse engineering and custom scripting in order to bypass them.

@@CorSecure Can you create an Messenger IPA file with integrated SSL pinning bypass functionality?

It may be possible to reverse engineer the app and bypass the license check, but that would probably take some significant reverse engineering and/or scripting with Frida. And depending on the app, they may also be doing some sort of server-side check to verify the license. I don't think there is any sort of universal bypass for that kind of thing. It would be very specific to the individual app and would probably require a lot of manual analysis.

@@CorSecure Do you know of anyone I could contact? It would be up for something like that?

did you install the proxy certificate on your phone? if the certificate is properly installed, you should be seeing traffic in the HTTP history in burp at least from your web browser.

@@CorSecure i will look about it ,wait my reply, Thx

I don't see proxy detection in the apps that I work with very often, but I think you should be able to bypass it using Frida. I will probably make some videos in the future on some different Frida bypasses, and I can try to cover that one as well.

Do u want see it case?

You can intercept traffic with Burp Suite without jailbreak, but your device has to be jailbroken to install Frida and bypass SSL pinning. There are some ways to use Objection with a non-jailbroken device and bypass SSL pinning, but that takes a lot of extra work. I may end up making a video covering that in the future though.

@@CorSecure I need that video, I'm begin crazy on iOS 17.5 with an app that wants SSL Pinning on not jailbroken device

I have heard of this happening before. I think it may be related to the jailbreak method that you used. Did you use palera1n or a different jailbreak? This thread on github has a workaround listed for the unc0ver jailbreak. I haven't tried it myself though. I hope this helps! github.com/frida/frida/issues/1231

Is your iPhone on the same network as the machine running Burp? Are on a corporate network or anything that might have a firewall or something in the way?

@@CorSecure They are on the same network on Burp Suite Professional, I got it on Community, no

If your phone is on the same network as your burp instance, the proxy is listening on the correct IP address, and proxy setting on the phone is set to the same IP and port, you should be able to access burp. Apparently some people have had issues related TLS 1.3 though. portswigger.net/burp/documentation/desktop/mobile/troubleshooting If you have made sure everything is set up properly, my only suggestion would be to contact PortSwigger support.