Comments (2)
even after you manage to bypass bumble ssl pins, then you will still get blocked by their backend - maybe they have some JA3 checks for checking if you are mitming requests?
anyways; maybe it will help you: here's my frida script for capturing some of data sent by that custom protocol
(also no clue if it will work on newer versions, because the class names could be different)
Java.perform(() => {
let yb7 = Java.use("b.yb7");
yb7["i"].implementation = function (c26527sn) {
//send message; if you view this method in jadx then you'll find all the classes responsible for receiving/sending messages
let gson = Java.use("b.jng").$new();
console.log(gson.h(c26527sn));
this["i"](c26527sn);
};
let mzu = Java.use("b.mzu");
mzu["invoke"].overload().implementation = function () {
//IP pin bypass; you have to use this with --codeshare 007panda/unpinning
return null;
};
})
also: use mitmproxy instead of http toolkit, because, as you said, it doesnt support this custom message protocol and it could mess with the data
from frida-interception-and-unpinning.
Thanks for this @Memexurer. Which version of the app is the script confirmed working with?
from frida-interception-and-unpinning.
Related Issues (20)
- Kayo Sports - au.com.kayosports.tv HOT 5
- SSL error when trying to bypass Youtube pinning HOT 2
- I have an app that has certificate transparency failed, is there any script that I can use? HOT 1
- SSLPeerUnverifiedException: Certificate transparency failed HOT 1
- issues with unpinning of com.segway.mower and com.hansgrohe.poseidon HOT 5
- Frida: The 'argv' option is not supported when spawnin HOT 1
- Nigloland App: Certificate transparency failed HOT 5
- Hi
- Not Work = Raw Custom-Pinned Resquest HOT 3
- [FIXED] Not working with bereal HOT 3
- [ ] Unrecognized TLS error - this must be patched manually HOT 8
- Fishing Clash app. Some super-duper pinning protection. HOT 2
- Ignorar detectar VPN httptoolkit HOT 5
- Bypass la fijación SSL de IOS 15-16 con httptoolkit + script frida HOT 3
- Error: access violation accessing 0x5d8 HOT 1
- this script fails with com.audioteka but another works HOT 2
- Error with file : android-certificate-unpinning.js HOT 1
- error native-connect-hook.js HOT 1
- not able to sniff com.peacocktv.peacockandroid HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from frida-interception-and-unpinning.