Comments (30)
Hi, the new versions are using TLS 1.3.
Many proxies do not support this protocol so I'm not sure whether they've changed the pinning mechanism or just using an unsupported protocol.
Either way I'll be trying to find/make my own TLS 1.3 supporting proxy and find out.
from fbunpinner.
I'll let you know when I get home,
only had the time to test it on 1 version
from fbunpinner.
did I do something wrong !!
I follow the steps over and over
but still the same
Yes, you're not using OpenJDK 11 - your BurpSuite uses the Java stack to decode network protocols, and your version doesn't support TLS 1.3
Thank you. On 211 everything works well. Have you tried to watch the traffic Facebook lite? It is very interesting to see the traffic from this version. But sniffer does not see it unfortunately. Can I get in touch with you via github?
You can reach me via Twitter for DMs
Closing this for now - issue solved :)
from fbunpinner.
Same is happening with the Facebook app (Facebook 210.0.0.43.119 (x86)). The apps just lose internet connectivity when I connect to internet via Burpsuite proxy. I am sure that I am missing something during my unpinning procedure even after following every step in README.
Many things can go wrong with your setup,
anyways lucky you - just a couple of days after I published this tool Facebook rolled out their own solution:
https://thehackernews.com/2019/03/facebook-whitehat-setting-hackers.html
Not sure if you can sniff when you're logged out but I hope this works better for you :)
from fbunpinner.
The latest version for android 4.4 + x86
https://yadi.sk/d/7Xcb8AXz3aAQc3
I hope you will succeed. Thank you for your hard work.
from fbunpinner.
The latest version for android 4.4 + x86
https://yadi.sk/d/7Xcb8AXz3aAQc3
I hope you will succeed. Thank you for your hard work.
Hi, I'm working on an automatic solution for the newer versions.
I think anything before March 2018 should work with the current patcher.
from fbunpinner.
Added a patch for TLS1.3 for x86! 🎆
Make sure you use a proxy supporting TLS1.3 (I use burpsuite+openjdk 11)
from fbunpinner.
Thank you very much for your work. What version did you test? When I try the patch writes the following
[+] Patching TLS1.3 stack!
[!] Could not find the required code to patch!
from fbunpinner.
Excuse me. Another question is, which burpsuite do you use free or pro?
The whole day looking for solution but not working TLS 1.3, tested on the website https://tls13.crypto.mozilla.org/
Getting Error Received fatal alert: protocol_version error/
from fbunpinner.
Free version with openjdk-11
from fbunpinner.
Thanks for work. Write please what version did you test?
from fbunpinner.
com.facebook.katana_210.0.0.43.119-143667991_minAPI26(x86)
I'll generalize the script for other versions soon.
from fbunpinner.
You may be asked to share this version. And if you don't mind patched libcoldstart.
What emulator do you use?
from fbunpinner.
https://www.apkmirror.com/apk/facebook-2/facebook/facebook-210-0-0-43-119-release/
Just follow the instructions...
I use Genymotion - an x86 emulator for Android
from fbunpinner.
Should be fixed, let me know if you find a version where it's not working
from fbunpinner.
How to root my emulator device ?
from fbunpinner.
Thank you. On 211 everything works well. Have you tried to watch the traffic Facebook lite? It is very interesting to see the traffic from this version. But sniffer does not see it unfortunately. Can I get in touch with you via github?
from fbunpinner.
Thank you. On 211 everything works well. Have you tried to watch the traffic Facebook lite? It is very interesting to see the traffic from this version. But sniffer does not see it unfortunately. Can I get in touch with you via github?
Hi
What is your android emulator software?
from fbunpinner.
Thank you. On 211 everything works well. Have you tried to watch the traffic Facebook lite? It is very interesting to see the traffic from this version. But sniffer does not see it unfortunately. Can I get in touch with you via github?
Hi
What is your android emulator software?
https://www.memuplay.com/home/Home/V2?l=ru
from fbunpinner.
did I do something wrong !!
I follow the steps over and over
but still the same
from fbunpinner.
Hi
How to setup BurpSuite with OpenJDK 11 ?
from fbunpinner.
Yes just download burp suite jar file + open sdk 11
And go on
It worked for me
It's just i didn't get respond for some requests
from fbunpinner.
The patcher frequently fails for Facebook Messenger (com.facebook.orca) versions, giving the error:
[+] Patching TLS1.3 stack!
[!] Could not find the required code to patch!
Tried the script with following releases of Facebook Messenger: March 2019, Feb 2019, March 2018, Jan 2018. Has anyone tried the patching script successfully on Facebook messenger app?
from fbunpinner.
Hi, which version and architecture exactly?
from fbunpinner.
I am running Google Nexus 5X - API26 on Genymotion Emulator which is x86 based.
The specific versions of Facebook Messenger that I tested the patcher with are:
1- com.facebook.orca_147.0.0.25.86-84175400_minAPI21(x86)
2- com.facebook.orca_170.0.0.39.87-113613144_minAPI21(x86)
3- com.facebook.orca_171.0.0.28.108-114359499_minAPI21(x86)
from fbunpinner.
Those are old versions, try with orca_200+
There's currently a known issue that patching old versions doesn't work
from fbunpinner.
Now getting this error. I AM running burpsuite with OpenJDK 11 and able to record traffic from other apps. What exact steps should I follow after replacing the patched 'libcoldstart.so' file in /data/data/com.facebook.orca/lib-xzs?
version of Facebook messenger: com.facebook.orca_202.0.0.14.107-141881924_minAPI21(x86)
from fbunpinner.
Same is happening with the Facebook app (Facebook 210.0.0.43.119 (x86)). The apps just lose internet connectivity when I connect to internet via Burpsuite proxy. I am sure that I am missing something during my unpinning procedure even after following every step in README.
from fbunpinner.
Oh that’s cool! Can you share your personal email or any other platform where I can contact you? Thanks for your contribution in this tool and keeping it updated!
from fbunpinner.
from fbunpinner.
Related Issues (20)
- I patched but data encypt. Can you help me fix it HOT 7
- Can you please give me the patched file with the latest version of Facebook? HOT 3
- Fails when patching `libliger.so` HOT 2
- Can this be ported to iOS? HOT 1
- After patch, burp still cannot intercept traffic HOT 2
- not working for lastest messanger HOT 1
- Video tutorial demo
- libcoldstart.so and/or libliger.so not longer exist HOT 11
- version fb HOT 1
- content error HOT 1
- Patch Messenger 301 not working
- Unpinned not working on latest APK HOT 3
- IndexError: index out of range
- cp: bad '/data/data/com.facebook.katana/lib-superpack-xz/libcoldstart.so': No such file or directory HOT 7
- x86 competability for removing certificate pinning defense from Facebook applications. HOT 1
- [!] Could not find the required code to patch! HOT 6
- IndexError: index out of range
- still working ?
- this not working HOT 1
- [!] Could not find the required code to patch! HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fbunpinner.