Frida Certificate Pinning is failing for all the apps - android

I'm really new to Android traffic intercepting. I just wanted to intercept a 3rd-party app's API requests for some research. I started from the official Frida docs and reached the step of unpinning the SSL certificate using this guide.
I managed to successfully set up the Frida server on the Android device and it's running fine.
But whenever I try to bypass any app's certificate pinning I get the same error below. I have tried many different apps that have certificate pinning and they all give the same error.
I'm using the following command for unpinning:
frida -U -l ./frida-script.js -f tech.httptoolkit.pinning_demo
I'm using this script to bypass certificate pinning and getting the following results:
Spawned `com.snapchat.android`. Use %resume to let the main thread start executing!
Error: getPackageInfoNoCheck(): has more than one overload, use .overload(<signature>) to choose from:
.overload('android.content.pm.ApplicationInfo', 'android.content.res.CompatibilityInfo')
.overload('android.content.pm.ApplicationInfo', 'android.content.res.CompatibilityInfo', 'boolean')
at X (frida/node_modules/frida-java-bridge/lib/class-factory.js:569)
at K (frida/node_modules/frida-java-bridge/lib/class-factory.js:564)
at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:932)
at <anonymous> (frida/node_modules/frida-java-bridge/index.js:224)
at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:244)
at perform (frida/node_modules/frida-java-bridge/index.js:204)
at <anonymous> (/frida/repl-2.js:520)
at apply (native)
at <anonymous> (frida/runtime/core.js:51)
[Android Emulator 5554::tech.httptoolkit.pinning_demo]->
Using %resume doesn't do anything, and I still get a certificate-rejected error from the app server it's sending the requests to.
The error is the same even for the demo app linked in the Frida certificate unpinning guide.
Sorry if the explanation isn't enough, and I'll be really thankful if someone is up to help.
Thank you.

Not 100% confirmed, but this appears to be a bug in Frida, either in the latest version of Frida (15.2.2) or in Android (13).
See https://github.com/frida/frida/issues/2218 for more info.

Tim is correct, this is a bug, probably on A13 devices. The trick is to run %reload in the Frida shell after the error; this will cause the script to run and, magically, there is no error.
https://github.com/frida/frida/issues/2218#issuecomment-1239983236

Related

Can you patch apk this way?

First, sorry for this stupid question, but I'm new to this and trying to learn.
I have an Android app.
I patched the APK to bypass SSL pinning using apk-mitm:
https://github.com/shroudedcode/apk-mitm
I used Burp Suite to make some modifications to the request body for some of what the app can and can't send, and everything works just fine.
Now, is there any method to patch this APK with these rules I made so that I don't have to run Burp Suite every time I run the app?
If you have Linux you have the methods, but as Android needs the JDK you must compile and regenerate the APK. If you know about manual editing, you can do it by repackaging. If you don't, you should pay for a security application (Burp Suite) for advanced access.

How to bypass SSL Pinning of an Android App

I want to bypass the SSL pinning of an Android app using the Frida server method.
I have followed the whole process described in this tutorial: https://blog.it-securityguard.com/the-stony-path-of-android-%F0%9F%A4%96-bug-bounty-bypassing-certificate-pinning/
Below are the steps which I have followed/performed:
Installed the Frida library and Frida tools
Rooted my Android device
Installed the target app
Downloaded the Frida server for my device architecture
Sent the Frida server to its path on the device
Granted the Frida server the necessary permissions
Started the Frida server
Got the Frida script file ready
Now when I try to spawn an app it reports that the process is terminating, as shown below:
I am trying this from my Windows laptop with a real, rooted Android device running Android Lollipop 5.0.
I have tried it on other apps as well, but it causes issues on them too.
In my opinion, the issue is with the code within my Frida script file.
If my Frida script file is empty there is no issue, but whenever I add the line below to the file it causes the process to be terminated.
This is the line that is causing the issue:
Java.perform(function (){ });
The app on the device gets started and immediately the console shows the process as terminated. I am using frida-server-12.7.22-android-arm.xz as the server. I am pretty sure that the setup is fully right; the only issue occurs when adding the above code to the Frida script file.
Also, Java.IsAvailable returns false.

Cordova / Ionic - Default App Build Does Not Work Behind a Proxy

I've got a Cordova / Ionic app developed by an external group that we're trying to do some QA testing on. To build out these tests we're attempting to intercept the application with a proxy so we can monitor what API calls the application is making. However, every time we configure the Android or iOS device to use a proxy, the HTTP calls in the application error out.
We have already imported the Certificate Authority of our proxy into the device as a trusted Certificate Authority, and this is confirmed working in the native browser (We can go to SSL sites without any errors/prompts).
The development team is telling us that they haven't done any certificate pinning, or anything "extra" besides what is built into the framework. They are confused as to why our proxying isn't working.
Can anyone tell me what default "platform features" are preventing our proxying from working, and what we need to tell the development group so they can give us a build that will allow us to do what we need to do?
Just to be clear, all we have available to us directly is the APK and the IPA file. We do not have the full source code. We can request that the source code be changed and a new build be made for us to use, but we cannot just run the Cordova app.

How do I fix incomplete certificate chain in nginx

I'm using a package called Coronium Cloud and I have recently set up SSL. Coronium Cloud is a server package for apps developed with the Corona SDK. It uses nginx as the server for the package. There is a control panel that you connect to through your browser, which loads fine, and Firefox says the certificate is trusted. However, it does not work in the app, which instead shows an error saying the certificate is not trusted (CertPathValidatorException on Android). I used a tool by DigiCert to check the SSL configuration:
[screenshot of DigiCert test]
There were instructions by the creator of Coronium Cloud on how to set it up, all of which I followed. I got the certificate from startssl.com and used their nginx certificate. Does anyone know how I can fix this issue? It is holding me back from developing other features, as I now can't use any part of my app until this is fixed.
Thank you in advance to anyone who can help me.
You should use the certificate chain provided by your Certificate Authority, at the same time as your certificate, and follow the nginx documentation:
https://nginx.org/en/docs/http/configuring_https_servers.html#chains
cat www.example.com.crt bundle.crt > www.example.com.chained.crt
And in your server block:
ssl_certificate www.example.com.chained.crt;
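The DigiCert checker and the Android CertPathValidatorException in the question above are both symptoms of the server sending only its own certificate without the intermediate. The script below is an added example, not code from the original thread, from Coronium or from the nginx project: it builds a throwaway root -> intermediate -> leaf chain with openssl, shows that the leaf alone does not validate for a client that trusts only the root (which is what the app saw), and checks that a concatenated bundle is in the order nginx expects for ssl_certificate, server certificate first, each certificate followed by its issuer. All names (Example Root CA, www.example.com, the file names) are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the original post, Coronium or nginx): build a
# throwaway root -> intermediate -> leaf chain, show that the leaf alone fails
# validation against a client that only trusts the root, and check that a
# concatenated bundle is in the order nginx expects (server certificate first,
# each certificate followed by the one that issued it).
# All names and file names below are constructed for the example.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Extensions that make a certificate a CA; the leaf is explicitly not one.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.com\n' > leaf.ext

# Root CA: CSR, then self-signed.
openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Root CA" \
  -keyout root.key -out root.csr 2>/dev/null
openssl x509 -req -in root.csr -signkey root.key -days 2 -extfile ca.ext \
  -out root.crt 2>/dev/null

# Intermediate CA, issued by the root.
openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate CA" \
  -keyout inter.key -out inter.csr 2>/dev/null
openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
  -days 2 -extfile ca.ext -out inter.crt 2>/dev/null

# Server (leaf) certificate, issued by the intermediate.
openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
  -keyout leaf.key -out leaf.csr 2>/dev/null
openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
  -days 2 -extfile leaf.ext -out leaf.crt 2>/dev/null

# What a client that trusts only the root does: verify the leaf ($1) using
# whatever intermediates the server sent ($2, may be empty). Returns 0 on success.
verify_leaf() {
  if [ -n "$2" ]; then
    openssl verify -CAfile root.crt -untrusted "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile root.crt "$1" >/dev/null 2>&1
  fi
}

# Split a PEM bundle ($1) into $2-1.pem, $2-2.pem, ... and print the count.
split_bundle() {
  rm -f "$2"-*.pem
  awk -v p="$2" '/-----BEGIN CERTIFICATE-----/ { n++ }
                 n > 0 { print > (p "-" n ".pem") }
                 END { print n + 0 }' "$1"
}

# nginx reads ssl_certificate as: server certificate first, then the chain,
# each certificate issued by the one after it. Returns 0 if the bundle is
# ordered that way, 1 otherwise.
check_chain_order() {
  prefix="$WORK/part$$"
  n="$(split_bundle "$1" "$prefix")"
  [ "$n" -ge 1 ] || return 1
  i=1
  while [ "$i" -lt "$n" ]; do
    issuer="$(openssl x509 -in "$prefix-$i.pem" -noout -issuer)"
    subject="$(openssl x509 -in "$prefix-$((i + 1)).pem" -noout -subject)"
    # Drop the "issuer=" / "subject=" labels, then compare the names.
    [ "${issuer#issuer=}" = "${subject#subject=}" ] || return 1
    i=$((i + 1))
  done
  return 0
}

# The poster's situation: only the leaf is served, so validation fails.
cp leaf.crt incomplete.crt
# The fix from the nginx docs: server certificate, then the intermediate.
cat leaf.crt inter.crt > chained.crt
# A common mistake: the same two certificates in the wrong order.
cat inter.crt leaf.crt > reversed.crt

if verify_leaf incomplete.crt ""; then echo "unexpected: bare leaf verified"; fi
verify_leaf leaf.crt inter.crt && echo "leaf + intermediate verifies"
check_chain_order chained.crt && echo "chained.crt is in nginx order"
check_chain_order reversed.crt || echo "reversed.crt is NOT in nginx order"
```

Run it on a host with openssl installed; it needs no network. Against a real deployment, replace the generated files with the certificate and the CA's bundle and point `check_chain_order` at the file named in `ssl_certificate`; `openssl s_client -connect host:443 -showcerts` shows what the server actually sends, which is the view the Android client has.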

Android: CertPathValidatorException - TrustAnchor found but certificate validation failed

I am trying to authenticate my Android application over an HTTPS connection to the server.
I am getting the following exception while trying to authenticate. While looking for a solution, there were lots of suggestions about bundling the certificate with the APK, ignoring the certificate validation, etc.
Detailed StackTrace
The problem is, on a few phones and emulators this authentication over HTTPS works perfectly fine, but on my phone as well as my emulator it doesn't go through. So it looks like it's more of a device issue than a code one.
Has anyone else faced this kind of issue and sorted it out?
The error means: the SSL certificate chain (from the server certificate to a trust anchor in the root CA store) has been rebuilt by the application, but the validation of this chain failed for some reason.
In the stack trace the underlying error is java.security.NoSuchProviderException: AndroidOpenSSL. It means that the application tries to instantiate a signature validation object with a cryptographic provider which is not present on the Android system. This error makes me think that it may be an Android version issue.
Can you tell us the target API level used to build your application? And what are the versions of the devices on which the application works and does not work?
