Git Product home page Git Product logo

hackingfacebook's Introduction

HackingFacebook

Bypassing Facebook for iOS's SSL Pinning, allow us to capture decrypted HTTPS request send from Facebook, with tools like Charles.

Screen Shot

Description

This repository shows how to kill the certificate pinning in Facebook for iOS without Jailbreak your device.

I've successfully captured decrypted https requests from Facebook with Charles by apply this patch. I tested the currently newest Facebook for iOS version 79.0, this patch may become invalid with newer version.

About

Instructions

Update 20170319

I've developed a new tool to finish this steps in more simple way, see:

https://github.com/Naituw/IPAPatch

Original Instructions

  1. Prepare Facebook_extenstion_removed.ipa

    • Get decrypted Facebook ipa, wether from a jailbroken device or ipa download site (I'm using ipa downloaded from http://www.iphonecake.com)
    • Unzip ipa, Remove Payload/Facebook.app/Plugins folder, which contains App Extensions.
    • Zip the Payload folder, and rename to Facebook_extenstion_removed.ipa

  2. Inject Code to Facebook_extenstion_removed.ipa

    • Build DyldXcodeProject, make sure the target is selected to real device (NOT iPhone Simulators), copy the result framework's binary file to a folder named DyldsForInjection

    • Use the script provide in DyldPatcher, patch the binary we generated, to Facebook_extenstion_removed.ipa, the patched file is named Facebook_extenstion_removed-patched.ipa

         cd DyldPatcher
   ./patchapp.sh Facebook_extenstion_removed.ipa DyldsForInjection

  3. Resign Facebook_extenstion_removed-patched.ipa

    • Use the modified version of iResign to resign the file, the result file is Facebook_extenstion_removed-patched-resigned.ipa, this version will sign the dyld we injected correctly.

  4. Install and Run

    • Install Facebook_extenstion_removed-patched-resigned.ipa via Xcode
    • Capture HTTPS requests like other apps with Charles!

hackingfacebook's People

Contributors

naituw avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.