Using Frida to Bypass SSL Pinning on Android

• 24 February 2019

Most modern apps rely on SSL pinning to make sniffing SSL traffic through proxy more difficult. This is great security-in-depth practice, but it's a real pain when trying to inspect app's traffic as a part of vulnerability assessment or penetration test. Luckily there if Frida.

1. Run frida-server https://www.frida.re/docs/android/
2. frida-ps -Uai #find the target's application identified ex: com.company.myapp
3. download file bypass.js into current directory
4. frida -U -f com.company.myapp -l bypass.js --no-pause
5. done

• ← Previous
  HTTPs Inspection of Android APK
• Next →
  CLUG Presentation: AI for Beginners from a Beginner