Comments (8)
Eltion
commented on June 11, 2024
9
Seems like there is a configuration file located at /data/data/com.instagram.android/mobileconfig/<sessionId>.data/0.mctable which can be used to configure if app will use HTTP/3.
This file is created after login, after the app sends a request to https://b.i.instagram.com/api/v1/launcher/mobileconfig/, unfortunately it's not clear which parameter is for HTTP/3 😥.
Seems like deleting the file disables HTTP/3 so I'll do that until I figure out a better solution.
from instagram-ssl-pinning-bypass.
tulir
commented on June 11, 2024
1
I think Instagram may have enabled HTTP/3 recently, which is UDP and bypasses usual proxy configurations. There's an issue for mitmproxy at mitmproxy/mitmproxy#4170, and I'd guess the Android emulator's proxy configuration also doesn't affect HTTP/3 at all.
As a quick workaround, I blocked all UDP traffic on my machine except port 53 (DNS) using iptables:
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp -j DROP
(if you have IPv6, repeat those with ip6tables)
After that all requests are visible in mitmproxy
@Eltion perhaps it would be possible to patch the app to not use HTTP/3?
from instagram-ssl-pinning-bypass.
polatdev
commented on June 11, 2024
1
this problem still persists.
from instagram-ssl-pinning-bypass.
Eltion
commented on June 11, 2024
@tulir Your right about this. It seems like after login and reopening the app instagram is using HTTP/3. Thanks for reporting it.
I've been trying to force HTTP2, had some success with it but the script is not as robust as it was before so I need to work a bit more into it. I just created a new branch for it here: disable-http3.
Like this it will work for the current version (260.0.0.23.115) but it will break for each release, so I need to find a better way to do it.
from instagram-ssl-pinning-bypass.
ChrisVinall
commented on June 11, 2024
I am still getting the same issue as #27 (HTTPS capturing works on first app run, not on subsequent runs) but no mobileconfig directory even exists in the specified location. Any idea what is going on here? I'm running instagram-v265.0.0.19.301-x86.apk. Thanks!
from instagram-ssl-pinning-bypass.
Eltion
commented on June 11, 2024
@ChrisVinall can you test using the latest version
from instagram-ssl-pinning-bypass.
ChrisVinall
commented on June 11, 2024
Ah, my bad, that works. Not sure how I was running such an old version, I thought I was up to date.
The nuking of the whole config is causing another issue for me related to app behaviour, but I'll try to figure it out.
from instagram-ssl-pinning-bypass.
Anilmemis
commented on June 11, 2024
when to share ssl pinning bypass for 284 version ?
from instagram-ssl-pinning-bypass.
Related Issues (20)
- [QUESTION] it's can work on threads app? HOT 1
- Is gadget injected into threads? HOT 2
- [BUG] Cannot install lief
- [BUG] Cannot find libliger.so HOT 1
- [BUG] Patched apk doesn't open HOT 8
- instagram lite HOT 1
- Facebook Lite?
- Help Needed for capturing traffic
- [BUG] Aborted connection to gateway.instagram.com and some other caused permanent ban HOT 1
- [BUG] HOT 3
- [BUG] java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
- keytool not installed or not in PATH HOT 1
- [BUG] Android 9 pass lasted ins version fail
- [BUG] Bypass is not work after login to account and re-open the app HOT 1
- no response and session terminated error
- Bypass instagram lite HOT 1
- sOLVed
- [BUG] ZAProxy shows no requests logs using Frida SSL bypass script on Instagram v320 HOT 15
- [BUG] Erro when start HOT 1
- Not working on Recent versions of Instagram app (Version 330) - Maybe Update Needed HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from instagram-ssl-pinning-bypass.