Android app pentests can become torturous when you don't have the right environment set up.
This of course refers to the SSL pinning implemented in apps, which prevents security researchers from intercepting the traffic.
There are a lot of great tutorials on the internet that show you the easy way to bypass SSL pinning and set up your environment (linked below).
I've often found myself doing the same steps again and again whenever I need a new environment installed or I'm working on a new system.
So, using some publicly available resources and my poor bash scripting skills, I've written a script that does all of this for me.
- This only works with Genymotion. You need to have a device ready, installed and running so that the script can interact with it over ADB.
I mostly use a Custom device with Android 8. Here's my configuration if you're interested.
- Start Burp before running the installer, as the script downloads your certificate from Burp's proxy listener.
- Run `frida_setup.sh` to start the installer.
Here's what the script does in the background.
- Installs `frida-tools` using pip. Don't forget to add the install location to your PATH; otherwise the tools are sometimes not found by default.
- Fetches the latest released version of Frida server from GitHub.
- Downloads certificate from Burp's proxy.
- Pushes the required files to the device over ADB and installs them.
- Cleans up the files and reboots the Android system.
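The "fetch the latest Frida server" step above has one catch worth checking for: the frida-server binary must be the same version as the frida client installed by pip, or `frida -U` will not attach. The following is an added example, not the author's `frida_setup.sh`: given the GitHub release JSON (a constructed sample here, reduced to the fields used) and the device ABI reported by `adb shell getprop ro.product.cpu.abi`, it picks the matching `frida-server-<version>-android-<arch>.xz` asset and compares the release version with the host client version.

```bash
# Added example, not the author's frida_setup.sh: select the frida-server
# asset for the device ABI and check it against the host frida client version.

# Constructed sample of the fields we use from
# https://api.github.com/repos/frida/frida/releases/latest
SAMPLE_RELEASE_JSON='{
  "tag_name": "16.1.4",
  "assets": [
    {"browser_download_url": "https://github.com/frida/frida/releases/download/16.1.4/frida-server-16.1.4-android-arm64.xz"},
    {"browser_download_url": "https://github.com/frida/frida/releases/download/16.1.4/frida-server-16.1.4-android-x86.xz"},
    {"browser_download_url": "https://github.com/frida/frida/releases/download/16.1.4/frida-server-16.1.4-android-x86_64.xz"}
  ]
}'

# release_tag JSON -> prints the release's tag_name (its frida version).
release_tag() {
  printf '%s\n' "$1" | sed -n 's/.*"tag_name": *"\([^"]*\)".*/\1/p' | head -n 1
}

# abi_to_frida_arch ABI -> maps the value of ro.product.cpu.abi to the
# architecture suffix used in frida-server asset names.
abi_to_frida_arch() {
  case "$1" in
    x86)                 echo x86 ;;
    x86_64)              echo x86_64 ;;
    arm64-v8a)           echo arm64 ;;
    armeabi-v7a|armeabi) echo arm ;;
    *) echo "unsupported ABI: $1" >&2; return 1 ;;
  esac
}

# frida_server_url JSON ABI -> prints the download URL of
# frida-server-<tag>-android-<arch>.xz, or nothing (status 1) if absent.
frida_server_url() {
  json=$1
  arch=$(abi_to_frida_arch "$2") || return 1
  ver=$(release_tag "$json")
  printf '%s\n' "$json" \
    | grep -o '"browser_download_url": *"[^"]*"' \
    | sed 's/^"browser_download_url": *"//; s/"$//' \
    | grep "/frida-server-$ver-android-$arch"'\.xz$'
}

# check_version_match CLIENT_VERSION RELEASE_TAG -> 0 only when they are equal.
# CLIENT_VERSION is what `frida --version` prints on the host.
check_version_match() {
  [ "$1" = "$2" ]
}
```

On a live system, feed `frida_server_url` the output of `curl -s https://api.github.com/repos/frida/frida/releases/latest` and `adb shell getprop ro.product.cpu.abi`; a Genymotion device normally reports x86 or x86_64.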
Here's what you need to do after the Android reboots.
- Go to `Burp > Proxy > Options` and add a proxy listener for your Android device.
- Make sure the listener's IP is your VirtualBox host-only IP. Set the same IP and port as the proxy in your Android device's Wi-Fi settings.
- Open `adb shell` and run the
- Use the `frida.js` script provided in the GitHub repository to bypass SSL pinning:
frida -U -f <package_name> -l frida2.js --no-pause
- The package name can be found using the command below. Make sure the app is running for it to show up in the result.
frida-ps -U | grep "your_app"
Note: Recommend using frida2.js rather than frida.js