You need a rooted Android device to do this.
-
Run:
sudo apt-get install android-tools-adb
or follow steps here: https://www.xda-developers.com/install-adb-windows-macos-linux/
-
Run the following commands:
`python -m pip install Frida`
`python -m pip install objection`
`python -m pip install frida-tools`
or
`pip install Frida`
`pip install objection`
`pip install frida-tools`
-
If running on Windows, make sure the directories containing frida.exe are included in the system PATH environment variable.
-
To find the CPU architecture (ABI) of the device, run the following command:
adb shell getprop ro.product.cpu.abi
-
Go to this link and download the frida-server build for Android that matches your device's architecture. Then unzip it and rename the unzipped file to "frida-server".
-
Follow this guide to set up Burp as the proxy for the Android device (https://support.portswigger.net/customer/portal/articles/1841101-configuring-an-android-device-to-work-with-burp):
a. Export the CA cert from BurpSuite and name it "cacert.cer"
b. Export the CA cert again from BurpSuite and name it "cacert.der"
c. Email the "cacert.cer" file to a Gmail address.
d. On your Android device, open the email in the Gmail app and open the "cacert.cer" attachment.
e. Enter your passcode, if prompted, and add the cert to the trusted root CAs on the device. Name it anything you want.
-
Run the following commands:
adb push frida-server /data/local/tmp
adb shell chmod 755 /data/local/tmp/frida-server
-
Then, in a different terminal window, run "adb shell" and enter the following commands (do not close the terminal when done; just minimize it):
su
cd /data/local/tmp/
./frida-server &
Just minimize the terminal.
-
You must have exported the Burp cert as "cacert.der" in step 6(b).
Run the following command to push the Burp cert to the device:
adb push cacert.der /data/local/tmp/cert-der.crt
-
Run the following command while the app is open on the rooted Android device:
Command:
frida-ps -U
Note down the package name from the list of running processes.
-
If there were no errors in the previous step, run the following command:
frida --codeshare akabe1/frida-multiple-unpinning -U -f <package-name>
Type "%resume" when the prompt appears.
-
Don't forget to configure the device's Wi-Fi settings to use Burp as the proxy.
SSLPinning BYPASSED!!
Enjoy!!
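-
A preflight check for the architecture and download steps above, as an added example that is not part of the original guide: it maps the ABI string from getprop to the matching frida-server build and flags a client/server version mismatch. The function names, the file-name pattern frida-server-<version>-android-<arch>.xz and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Inputs are passed as arguments so the logic can be checked without a device.

# Remove the carriage return that `adb shell` output can carry on some hosts.
strip_cr() { printf '%s' "$1" | tr -d '\r'; }

# Map the ABI reported by `getprop ro.product.cpu.abi` to the architecture
# suffix used in frida-server file names.
abi_to_frida_arch() {
    case "$(strip_cr "$1")" in
        arm64-v8a)           echo arm64 ;;
        armeabi-v7a|armeabi) echo arm ;;
        x86_64)              echo x86_64 ;;
        x86)                 echo x86 ;;
        *) echo "unsupported ABI: $1" >&2; return 1 ;;
    esac
}

# Name of the frida-server download for this device and client version.
# Assumed pattern: frida-server-<version>-android-<arch>.xz
frida_server_asset() {
    arch=$(abi_to_frida_arch "$1") || return 1
    echo "frida-server-$(strip_cr "$2")-android-$arch.xz"
}

# Succeeds only when the host tools and frida-server report the same version;
# mismatched releases are a common source of connection failures.
same_frida_version() {
    [ "$(strip_cr "$1")" = "$(strip_cr "$2")" ]
}

# Constructed sample values standing in for real command output.
sample_abi=$(printf 'arm64-v8a\r')   # adb shell getprop ro.product.cpu.abi
sample_client='16.1.4'               # frida --version
sample_server='16.0.19'              # /data/local/tmp/frida-server --version

frida_server_asset "$sample_abi" "$sample_client"
if ! same_frida_version "$sample_client" "$sample_server"; then
    echo "version mismatch: client $sample_client, server $sample_server"
fi
```

On a real setup, replace the sample values with the output of the commands named in the comments.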