Hi!
I just added to Brida a small Frida script to bypass SSL/TLS certificate pinning on OkHttp3 4.2+ of Android, developed with my colleague Piergiovanni.
You can use the script with the GitHub version of Brida (at the moment you have to compile the plugin, but it will be included in the next release) or directly with Frida through a Frida CodeShare script.
The code of the script is the following (it also includes the hooks for the older versions of OkHttp3):
/*
 * Description: OkHttp3 various SSL Pinning bypasses, including versions 4.2+.
 * Authors: @apps3c and @pcipolloni
 *
 * Frida instrumentation script. For every okhttp3.CertificatePinner check
 * variant that resolves in the instrumented process, the method body is
 * replaced with a stub that logs its first argument and performs no pin
 * comparison. Variants that do not resolve are reported and skipped, so the
 * same script can be loaded against different OkHttp3 versions.
 */
setTimeout(function () {
    Java.perform(function () {
        /*
         * Runs one hook installer and prints the matching status line.
         * Any exception raised while resolving or replacing the method is
         * treated as "this variant is not present" and is not rethrown.
         */
        function attempt(install, loadedMessage, skippedMessage) {
            try {
                install();
                console.log(loadedMessage);
            } catch (hookError) {
                console.log(skippedMessage);
            }
        }

        var pinner = null;

        try {
            pinner = Java.use('okhttp3.CertificatePinner');
        } catch (lookupError) {
            console.log('[-] OkHTTPv3 CertificatePinner class not found. Skipping.');
            return;
        }

        // Nothing to instrument when the class wrapper could not be obtained.
        if (pinner == null) {
            return;
        }

        // Variant 1: check(String, List)
        attempt(function () {
            pinner.check.overload('java.lang.String', 'java.util.List').implementation = function (hostname, certificateList) {
                console.log('[+] Bypassing OkHTTPv3 1: ' + hostname);
                return true;
            };
        }, '[+] Loaded OkHTTPv3 hook 1', '[-] Skipping OkHTTPv3 hook 1');

        // Variant 2: check(String, Certificate)
        attempt(function () {
            pinner.check.overload('java.lang.String', 'java.security.cert.Certificate').implementation = function (hostname, certificate) {
                console.log('[+] Bypassing OkHTTPv3 2: ' + hostname);
                return true;
            };
        }, '[+] Loaded OkHTTPv3 hook 2', '[-] Skipping OkHTTPv3 hook 2');

        // Variant 3: check(String, Certificate[])
        attempt(function () {
            pinner.check.overload('java.lang.String', '[Ljava.security.cert.Certificate;').implementation = function (hostname, certificateArray) {
                console.log('[+] Bypassing OkHTTPv3 3: ' + hostname);
                return true;
            };
        }, '[+] Loaded OkHTTPv3 hook 3', '[-] Skipping OkHTTPv3 hook 3');

        // Variant 4: check$okhttp, the name used by OkHttp3 4.2+.
        // Unlike the three stubs above, this one returns nothing.
        // NOTE(review): the stubs above return true; whether that value is
        // used depends on the hooked method's return type - confirm.
        attempt(function () {
            pinner['check$okhttp'].implementation = function (hostname, secondArgument) {
                console.log('[+] Bypassing OkHTTPv3 4 (4.2+): ' + hostname);
            };
        }, '[+] Loaded OkHTTPv3 hook 4 (4.2+)', '[-] Skipping OkHTTPv3 hook 4 (4.2+)');
    });
}, 0);
Cheers!