Instagram iOS with SSL pinning bypassed / Instagram with certificate pinning bypassed. Get your private api endpoints now!
- DO NOT NEED JAILBREAK
- DO NOT NEED FRIDA
- Current version which was bypassed: 337.0.2
- You can now intercept all requests
- iOS Only
- Tested on iOS 15.4.1
- Any support is appreciated
- Download the IPA file
- Sideload the file (I personally suggest Sideloadly or TrollStore)
- Set up the proxy before starting the app (Was tested only with mitmproxy)
- Intercept
- Many people experienced crashing after login this is caused somehow by sideloading you have to sideload it using TrollStore to stop the crashing
| Icon | Bundle ID | Version | File Type | Download |
|---|---|---|---|---|
 |
com.burbn.instagram | 337.0.2 | IPA | Click here |
|
com.burbn.instagram | 335.0.8 | IPA | Click here |
|
com.burbn.instagram | 323.0.3 | IPA | Click here |
Message me on Telegram: @undecryptable
SSL pinning, also known as certificate pinning or public key pinning, is a security mechanism used in digital communication to enhance the security of a connection, particularly within the context of Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS).
When a client (such as a web browser or a mobile app) connects to a server over HTTPS, the server presents its SSL/TLS certificate to prove its identity. Normally, the client verifies the server's certificate by checking if it is signed by a trusted Certificate Authority (CA). However, SSL pinning adds an extra layer of security by requiring the client to validate the server's certificate against a known, pre-configured set of certificates or public keys, rather than solely relying on the CA's trust chain.
This project is for educational purposes only. It demonstrates bypassing SSL pinning in binaries, such as those used by Instagram/Meta, to help developers and researchers understand security vulnerabilities.
There is no intent to harm, exploit, or encourage illegal activities. If Instagram/Meta or any other party has concerns, please contact me at [email protected], and I will address the issue or take down the project as requested.
Use of this project is at your own risk; the creator is not responsible for any misuse.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent