I followed your burp documentation,and also installed Burp's CA certificate to my phone(real rooted device not emu),now if I try to log https history then only getting two requests related to "reliability_event_log_upload" and also tried with intercept on/off both way but result were same.

I tried patched APK that are in your repo and also tried frida script with untouched insta apk,If i use mitm proxy it works fine but only problem in burp and fiddler

Describe the bug
The latest patched apk is not working

Method
Patched APK

App info

• Version: instagram-v265.0.0.19.301
• Arch: x86_64

Device info

• Model: AVD (Android studio)
• Android Version: 13

Proxy tool
mitmproxy: v9.0.1

Logs

Describe the bug
I have installed the patch apk but burp is still showing this unknown_ca error.

Method
Patched APK

App info

• Version: instagram-v256.0.0.18.105
• Arch: armeabi-v7a

Device info

• Model: Infinix X657B
• Android Version: 13
• Lineage OS GSI

Proxy tool
burp: v2023.6.2.0

Logs

Additional context
My phone is a rooted infinix with lineage os 20 gsi running. I have tried using burp without installing the ca certificate, installing it as a user certificate and also installing it as a system certificate but none of these methods have worked for me.

please fast as possible!

Describe the bug
Hi, I am facing a bug with the Pre Patched apk. When I launch the app for the first time with Burp capturing, Everything seems fine, But when I close the app (after login) and relaunch, the request capturing just stops. Although the app works fine but nothing is captured anymore. Restarting the emulator doesn't help but I'm able to recapture requests by clearing data or reinstalling the app.

Method
Patched APK

App info

• Version: instagram-v265.0.0.19.301-x86_64
• Arch: x86_64

Device info

• Model: Samsung SM-G9810, Nox Emulator
• Android Version: 9

Proxy tool
brup: v2022.12.6

Hello, I have a doubt, because I am not using an emulator, it is a real machine, I can't go over the wall, how to use mitmproxy to capture packets.
if you know, please guide me, thank you very much.

I got error with trying to patch apk version 302.1.0.36.111 x86 with patch_apk.py script:

App ABIs: ['x86']
Supported ABIs: ['x86']
Generating keystore...
Generating 2 048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 8 000 days
for: CN=com.leftenter.android, OU=ID, O=APK, L=Unknown, ST=Unknown, C=XK
[Storing C:\Users\a\PycharmProjects\Instagram-SSL-Pinning-Bypass/temp/release.keystore]
Created config_file at: C:\Users\a\PycharmProjects\Instagram-SSL-Pinning-Bypass/temp\libgadget.config.so
Created script_file at: C:\Users\a\PycharmProjects\Instagram-SSL-Pinning-Bypass/temp\libsslbypass.js.so

Patching for x86
Extracting: lib/x86/libmemalign16.so
Downloading firda-gadget-16.1.4-x86.so.xz
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:291)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:84)
Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
at java.base/sun.security.util.ObjectIdentifier.(Unknown Source)
at java.base/sun.security.util.DerInputStream.getOID(Unknown Source)
at java.base/com.sun.crypto.provider.PBES2Parameters.engineInit(Unknown Source)
at java.base/java.security.AlgorithmParameters.init(Unknown Source)
... 10 more

i tried both 2 menthods on my android phone redmi notr 4 android 7 nothing worked. it is not intercepting connections.please check before posting.

Describe the bug
I installed provided in README.md apk file instagram-v275.0.0.27.98-armeabi-v7a.apk, logged in clear account and after some time got banned, because app was not able to access gateway.instagram.com

Method
Patched APK

App info

• Version: instagram-v275.0.0.27.98
• Arch: armeabi-v7a

Device info

• Model: ZTE Blade A51
• Android Version: 11

Proxy tool
HTTP Toolkit 1.12.3.0

Logs

Additional context
Now Instagram is telling me that I have violated their rules and am engaging in bots and unauthorized activities, so now I need to send a selfie of me holding a paper with credentials on it so they can see that I am not a bot and unblock my account.

для ВК и ОК Viber WhatssApp можете сделать такие приложения без SSL ??

This bypass does not work on Instagram Lite

How to use Burp Suite to sniffer Instagram api？

Commit

line 172, 174, 175 has to be reverted, we fixed the issue but later you deleted this code and broken the building:

[...] and not file.filename.startswith("resources.arsc"):
    [...]
if not os.path.exists(os.path.join(TEMP_FOLDER, file.filename)) and file.filename.startswith("resources.arsc"):
    apk_out.writestr(file.filename, apk_in.read(file.filename), compress_type=zipfile.ZIP_STORED, compresslevel=0)

resources.arsc has to be STORED not COMPRESSED, otherwise it doesn't build a valid apk file on R

Hey,

Can you help me with similar commands for macOS as you have posted in the readme for Ubuntu?

Describe the bug
After running the apk patch python script, the patched apk crashes when opened. However, I have downloaded the apks you put on the repo and they work just fine

Method
Patched APK

App info

• Version: instagram-v270.2.0.24.82
• Arch: arm64-v8a

Device info

• Model: Samsung SM-A600T
• Android Version: 8

Proxy tool
brup: v2022.5.2

it's can work on meta threads app?

Describe the bug

I can't get it to work. In my terminal i get :
Client TLS handshake failed. The client does not trust the proxy's certificate for infinitedata-pa.googleapis.com (OpenSSL Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert certificate unknown')]))

While if I open the Chrome browser I can see the different requests with mitmproxy, and for that I installed the mitmproxy certificate. But in the patched app i only get this error, with tcp unusable informations.
(I tried with and without mitmproxy certificate and instagram patched app and it didnt work :/ )

Method
Patched APK

App info
instagram-v265.0.0.19.301-arm64-v8a.apk

Device info

• Model: Pixel 4 , android studio emulator
• Android Version: 12

Proxy tool
mitmproxy: v9.0.1

Hi, can you help me generate a query_hash for /api/v1/launcher/mobileconfig/ ?

SIGNATURE.{"bool_opt_policy":"0","mobileconfigsessionless":"","api_version":"3","unit_type":"1","query_hash":"dae17f1d3276207ebfe78f7a67cc9a04d4b88ff8c88dfc17e148fafb3f655b8e","device_id":"19ab534f-6663-4cf1-bc23-6b243c4db542","fetch_type":"ASYNC_FULL","family_device_id":"88E1F432-B994-45C1-A8CD-0BE4493E4004"}

For windows after download build tool and run the patch.py show this print.
where exactly find keytool ?

I'm making a instagram api wrapper, do u know how i can get notifications for events like, get a direct message

Describe the bug
after running the app it immediately crash for some reason ...

summary steps :

installed burp Certificates
downloaded IG app
downloaded js script
pushed frida and give it the permission
run frida
used the command frida -U -l .\instagram-ssl-pinning-bypass.js -f com.instagram.android
app starts then immediately crash

Method
Patched APK or Frida

App info

• Version: instagram-v248.0.0.17.109
• Arch: x86, x86_64,

Device info

• Model: Samsung SM-N975F, memu emulator
• Android Version: 7.1

Proxy tool
brup: v2022.5.2

logcat

--------- beginning of system
--------- beginning of crash
--------- beginning of main
01-27 16:46:19.785  3901  3901 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:46:19.790  3901  3901 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:46:20.011  3901  3901 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:46:28.457  4057  4057 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:46:28.459  4057  4057 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:46:28.534  4057  4057 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:48:06.974  5326  5326 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:48:06.975  5326  5326 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:48:06.992  5326  5367 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Found libliger at: 0xc3d42000
01-27 16:48:06.997  5326  5367 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked function: _ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE
01-27 16:48:07.031  5326  5326 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:48:07.468  5510  5510 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:48:07.472  5510  5510 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:48:07.540  5510  5510 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:48:36.406  5707  5707 V INSTAGRAM_SSL_PINNING_BYPASS: [*][*] Waiting for libliger...
01-27 16:48:36.407  5707  5707 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-27 16:48:36.450  5707  5707 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked SSLContextInit
01-27 16:48:36.960  5707  5720 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Found libliger at: 0xcefd6000
01-27 16:48:36.971  5707  5720 V INSTAGRAM_SSL_PINNING_BYPASS: [*][+] Hooked function: _ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE

Patched apk fails to install on Android R and above.

adb install output:

adb: failed to install instagram-v239.0.0.14.111-x86.apk: Failure [-124: Failed parse during installPackageLI: Targeting R+ (version 30 and above) requires the resources.arsc of installed APKs to be stored uncompressed and aligned on a 4-byte boundary]

Describe the bug
Everything was fine until last week, for now I can't do it.
I tried both frida and the patched APK, but I couldn't do both.
when I'm trying to login. long loading started and finally I got "An unknown network error has occured" Error

Method
Both APK and Frida

App info

• BypassedApkVersion: instagram-v256.0.0.18.105
• ApkVersionWhenUseFrida:instagram-v257.1.0.16.110
• Arch: x86

Device info

• Model: Genymotion(10), docker-android(10), pixel5a(real device)(12)
• Android Version: 10,12

Proxy tool
mitmproxy: v8.1.1

Logs
mitm-bypassed-apk.log
logcat-bypassed-apk.log
logcat-with-frida.log
mitm-with-frida.log

Additional context
These logs comes from genymotion
please check.

I modded my own app but it keeps crashing

App info

Version: instagram-v273.0.0.14.72
Arch: arm64-v8a

Device info

Model: Samsung SM-G950F
Android Version: 9

it look like than must connect mqtt.Facebook.com , but this link is socket .

Hi, can you add support for Facebook Lite please?

First of all, you are appreciated! Secondary I’m hoping to try and run this without root. Is Frida gadget implemented? I saw a line or two in the source code but unsure.

i just wanted to contact you but i am unable to send you message on twitter and i don't know your email address

thank you

Describe the bug
Instagram crashes right after start

Method
Patched APK with your python patcher

App info

• Version: instagram-v274.0.0.26.90
• Arch: arm64-v8a

Device info

• Model: Samsung A53
• Android Version: 13

Proxy tool

brup: v2023.2.3

Logs
logcat logs attached
logcat.logf

Additional context
The patched APK crashes right after start. The files from your repo work without issues.
Here is the stock apk (base.apk) from Google Play and the patched one.
https://drive.google.com/file/d/1VcSC7KZgS4HkGV6AL5_iUj04yXJmkN1m/view?usp=share_link

Any help to get this working is highly appreciated.

while creating patch apk its asking

Enter key password for

can i get password sir

Describe the bug
A clear and concise description of what the bug is.

Method
Patched APK or Frida

App info

• Version: instagram-v248.0.0.17.109
• Arch: x86, x86_64, armeabi-v7a, arm64-v8a

Device info

• Model: Samsung SM-A525F, Nox Emulator
• Android Version: 12

Proxy tool
mitmproxy: v8.1.1
brup: v2022.5.2

Logs
Frida or logcat logs, screenshots, mitmproxy event logs, Brup event log.

Additional context
Add any other context about the problem here.

Describe the bug
A clear and concise description of what the bug is.

Method
Patched APK

App info

• Version: instagram-v256.0.0.18.105-arm64-v8a.apk
• Arch: arm64-v8a

Device info

• Model: xiaomi 8
• Android Version: 8.1

Proxy tool
charles: v4.6.2

Logs

Additional context
有时候能用有时候不能用，能用的时候是可以正常抓包的，不能用的时候手机APP什么数据都加载不进来，APP一片空白

Describe the bug
While I start frida, the android app start but frida crash. The app don't crash on the device.
frida -U -l ~/instagram-ssl-pinning-bypass.js -f com.instagram.android

After, in mitmproxy, the TCP connection are still encrypted while I copy the mitmproxy certifica in /system/etc/security/cacerts/..

Method
Frida with the patched apk of the repo

App info

• Version: instagram-v265.0.0.19.301-x86_64
• Arch: x86_64

Device info

• Model: google pixel emulate vie avd : "system-images;android-30;google_apis;x86_64"
• Android Version: 11

Proxy tool
mitmproxy: v9.0.1

Logs

Describe the bug
When I first used this guide to bypass android SSL pinning I was able to see all the requests that the Instagram client was making such as Photos, API requests or simply profile informations fetching.
Right now, after some time, I came back on Instagram SSL pinning bypass and all I can see are requests you can see in the image below.

Method
I'm using Frida for bypassing the SSL pinning.

App info

• Version: Instagram-v256.0.0.18.105
• Arch: arm64-v8a

Device info

• Model: PIXEL_XL API 29 emulator
• Android Version: 10

Proxy tool
mitmproxy: v8.1.1

Logs
I'm using Frida tool for logging.

Thanks so much in advance !!!

Describe the bug
Latest version 264.0.0.22.106 Apk downloaded from here (arm64-v8a, nodpi) and successfully patched on Ubuntu. Patched apk crashed on Pixel 4 XL on startup. No root on device. Patched apk from this git repo works fine (v 256).

Method
Patched APK

App info

• Version: instagram-v264.0.0.22.106
• Arch: arm64-v8a

Device info

• Model: Google Pixel 4XL
• Android Version: 13

Proxy tool
brup: latest

Logs

root@ubuntu:/home/Instagram-SSL-Pinning-Bypass# python3 patch_apk.py -i com.instagram.original.apk -o ig3.apk
App ABIs:  ['arm64-v8a']
Supported ABIs:  ['arm64-v8a']
Generating keystore...
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 8,000 days
        for: CN=com.leftenter.android, OU=ID, O=APK, L=Unknown, ST=Unknown, C=XK
[Storing /home/Instagram-SSL-Pinning-Bypass/temp/release.keystore]
Created config_file at:  /home/Instagram-SSL-Pinning-Bypass/temp/libgadget.config.so
Created script_file at:  /home/Instagram-SSL-Pinning-Bypass/temp/libsslbypass.js.so

Patching for arm64-v8a
Extracting: lib/arm64-v8a/libmemalign16.so
Downloading firda-gadget-16.0.8-arm64-v8a.so.xz
[==================================================]

Patching: /home/Instagram-SSL-Pinning-Bypass/temp/lib/arm64-v8a/libmemalign16.so
Rebuilding apk file...
Running zipalign...
Signing apk...
Sucessful. Patched file at: ig3.apk

Additional context
Add any other context about the problem here.

I tried using the frida script to bypass the pinning on my phone (arm64-v8a ABI) but it didn't work, i am still getting certificate errors for some reason?

Can you help me with this?

need the latest version Frida js file. plzzz

Tiktok ssl pinning can already bypass in rooted android phone/emulator. But I need the pached Apk to run on non rooted phone.
https://www.apkmirror.com/apk/tiktok-pte-ltd/tik-tok-including-musical-ly/tik-tok-including-musical-ly-25-4-4-release/

Everything was fine until yesterday, but today I can't do it.

I tried both frida and the patched APK, but I couldn't do both.

when I'm trying to login. long loading started and finally I got this error

Brother I can't capture the Instagram app data
How to solve the issue
Only encrypted TLS are showing

As itsMoji and my version Instagram introduced in the last 3 months something to check ssl unpinning, when opening the app the first time everything works good with the proxy, but when you close it and reopen it doesn't work anymore and doesn't load any picture. We should investigate maybe on smali source code. I will take a look

An idea would be to find the first version with this new security check and do diffing, but is a bit stressing I guess and will take a while, but is the only one that I have rn.

Hi please check your mail, I have send the details about a project

Describe the bug
A clear and concise description of what the bug is.

Method
Patched APK or Frida

App info

• Version: instagram-v248.0.0.17.109
• Arch: x86, x86_64, armeabi-v7a, arm64-v8a

Device info

• Model: Samsung SM-A525F, Nox Emulator
• Android Version: 12

Proxy tool
mitmproxy: v8.1.1
brup: v2022.5.2

Logs
Frida or logcat logs, screenshots, mitmproxy event logs, Brup event log.

Additional context
Add any other context about the problem here.

I followed the Patch APK guide but when I installed the app on my phone it installs successfully but doesn't open. But when I installed an already patched version it works fine.

App info

• Version: instagram-v293.0.2.28.93
• Arch: arm64-v8a

Device info

• Model: Realme Narzo 50A
• Android Version: 13

Nox Player works well but if after the restart you have to log out and log in again so that burp proxy works again.
happened to you too? always registering again after a restart?

Describe the bug
A clear and concise description of what the bug is.

Method
Patched APK or Frida

App info

• Version: thread
• Arch: x86_64

Device info

• Model: Xiaomi note 7, genymotion
• Android Version: 12

Proxy tool
brup: lasttest

Logs
Frida or logcat logs, screenshots, mitmproxy event logs, Brup event log.

Additional context
Add any other context about the problem here.

Describe the bug

Instragram has changed their implementation. While libliger.so is included in the APK, it does not seem to be called in the process of SSL certificate verification. On the otherhand, libliger-common_1.so is called, however, the function "_ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE" is not exported.

Tracing the socket close calls (as a result of failing cert verification), we can see that they are coming from libmobilenetworkstack.so:

4036 ms addr=10.0.2.16:42896, lr=0x6fb1e9393c, /data/data/com.instagram.android/lib-compressed/libmobilenetworkstack.so

Method
Frida

App info

• Version: instagram-v288.1.0.22.66
• Arch: arm64-v8a

Device info

• Model: Android Studio Emulator
• Android Version: 13

Proxy tool
mitmproxy: v8.1.1

Logs
Frida log:

[][] Waiting for libliger...
[][+] Hooked checkTrustedRecursive
[][+] Hooked SSLContextInit

Additional context
Add any other context about the problem here.

Can you create ssl pinning bypass for instagram lite version?

thanks Eltion

tg @NpProblem1