Bypassing OkHttp Certificate Pinning

栏目: IT技术 · 发布时间: 4年前

内容简介:Yesterday, I was analyzing an Android application which uses OkHttp for certificate pinning. It took me hours to analyze the app, and have tried different methods to circumvent the app’s certificate pinning implementation. If I had only been monitoring the

Yesterday, I was analyzing an Android application which uses OkHttp for certificate pinning. It took me hours to analyze the app, and have tried different methods to circumvent the app’s certificate pinning implementation. If I had only been monitoring the system log while running the app, I could have done it in just a matter of minutes. I might have wasted a lot of time and effort, but at least I’ve learned.

Here’s my write up on how I bypassed OkHttp’s Certificate Pinning implementation.

Attempt #1: Using Xposed Modules

Since I had Xposed running on my test device, I first used the modules SSLUnpinning and TrustMeAlready . I know these modules are outdated, but it might still work. Unfortunately, it didn’t work on the app that I’m testing.

Attempt #2: Using Frida Scripts

My second attempt involved the use of Frida. After setting it up on my test device, I immediately tried the “most popular” Frida script on CodeShare which is the Universal Android SSL Pinning Bypass script. But what I got was just an error. Bypassing OkHttp Certificate Pinning

I tried another script but no luck as well. It did not even successfully detect the certificate pinning implementation used by the app. Bypassing OkHttp Certificate Pinning

I ended up trying all Frida scripts from CodeShare related to certificate pinning bypass but none of them worked.

Attempt #3: Via Manual Modification

I decided to look at the system log to see what’s happening in the background when the app is running. From the app’s log, I found the following certificate fingerprints (highlighted in green) . Bypassing OkHttp Certificate Pinning

Basically, the app checks for these fingerprints. If the fingerprint from the certificate chain matches one of the pinned fingerprints, then the peer’s identity has been verified and SSL pinning can be bypassed.

Before I could inject Burp’s certificate fingerprint, I first decompiled the app and look for the file where these pinned certificates were located. From the output below, the pinned fingerprints were located in /res/values/arrays.xml . Bypassing OkHttp Certificate Pinning

I then injected Burp’s certificate fingerprint to the list inside /res/values/arrays.xml . Bypassing OkHttp Certificate Pinning

Lastly, I recompiled the app and installed it. Bypassing OkHttp Certificate Pinning

Bypassing OkHttp Certificate Pinning

That’s it! I was able to bypass the app’s certificate pinning mechanism. Bypassing OkHttp Certificate Pinning

Lesson Learned:Always keep an eye on the system log while running the target application.


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Python深度学习

Python深度学习

[美] 弗朗索瓦•肖莱 / 张亮 / 人民邮电出版社 / 2018-8 / 119.00元

本书由Keras之父、现任Google人工智能研究员的弗朗索瓦•肖莱(François Chollet)执笔,详尽介绍了用Python和Keras进行深度学习的探索实践,涉及计算机视觉、自然语言处理、生成式模型等应用。书中包含30多个代码示例,步骤讲解详细透彻。由于本书立足于人工智能的可达性和大众化,读者无须具备机器学习相关背景知识即可展开阅读。在学习完本书后,读者将具备搭建自己的深度学习环境、建......一起来看看 《Python深度学习》 这本书的介绍吧!

JS 压缩/解压工具
JS 压缩/解压工具

在线压缩/解压 JS 代码

html转js在线工具
html转js在线工具

html转js在线工具

RGB CMYK 转换工具
RGB CMYK 转换工具

RGB CMYK 互转工具