eltion / facebook-ssl-pinning-bypass
Bypass Facebook SSL pinning on Android devices.
License: GNU General Public License v3.0
Do you know where the place is that FB sends the request and receives the response?
I want to use Frida to hook that method.
Hi, can you provide an SSL pinning bypass for the Ads Manager Android app?
Describe the bug
Not a bug: Could you modify the Frida script to work for the Oculus Meta Quest app (com.oculus.twilight)? Standard Frida methods do not work, and neither does your Facebook script. Hopefully a similar approach would work.
Method
Frida
App info
Device info
Proxy tool
mitmproxy: v8.1.1
Logs
Spawning `com.oculus.twilight`...
[*][*] Waiting for library...
Spawned `com.oculus.twilight`. Resuming main thread!
[Android Emulator 5554::com.oculus.twilight ]-> [*][+] Hooked checkTrustedRecursive
Additional context
TLS Certificate not accepted errors in mitmproxy
Describe the bug
A clear and concise description of what the bug is.
Method
Patched APK or Frida
App info
Device info
Proxy tool
mitmproxy: v8.1.1
Burp: v2022.5.2
Logs
Frida or logcat logs, screenshots, mitmproxy event logs, Burp event log.
Additional context
Add any other context about the problem here.
Even after removing the Facebook app using adb shell, I can't install the patched APK. While downloading and installing, it says "The package conflicts with the existing package with the same name". Is there a solution for this, or a way to install this patched APK?
Please bypass Facebook Lite.
Facebook Messenger's libcoldstart.so doesn't have the proxygen::SSLVerification::verifyWithMetrics method. Do you have any idea? Thanks.
Facebook now requires a new version to use the chat function; please update the patch code. Thanks for all your effort.
Hi, can you provide an SSL pinning bypass for the Facebook Lite Android app?
Hi @Eltion,
Can you please provide the script for patching the apk if possible?
SSL PINNING BYPASS OF SNAPCHAT KINDLY!
Android: AVD api 28 (pixel 4 android virtual device)
Facebook downloaded: arm
Device: macbook M1
I installed the patched APK on an Android virtual device and captured requests with the Burp proxy, but nothing was captured.
Log ADB:
--------- beginning of system
--------- beginning of main
01-14 22:24:01.619 4149 4295 V FACEBOOK_SSL_PINNING_BYPASS: [*][*] Waiting for library...
01-14 22:24:01.621 4149 4295 V FACEBOOK_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-14 22:24:02.052 4149 4369 V FACEBOOK_SSL_PINNING_BYPASS: [*][+] Found libcoldstart.so at: 0x7b685e6000
01-14 22:24:02.055 4149 4369 V FACEBOOK_SSL_PINNING_BYPASS: [*][+] Hooked function: _ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk212basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE
01-14 22:24:02.150 4149 4451 V FACEBOOK_SSL_PINNING_BYPASS: [*][+] Patched libcoldstart.so
01-14 22:24:05.386 5129 5190 V FACEBOOK_SSL_PINNING_BYPASS: [*][*] Waiting for library...
01-14 22:24:05.387 5129 5190 V FACEBOOK_SSL_PINNING_BYPASS: [*][+] Hooked checkTrustedRecursive
01-14 22:24:05.779 5129 5202 V FACEBOOK_SSL_PINNING_BYPASS: [*][+] Found libcoldstart.so at: 0x7b686df000
01-14 22:24:05.793 5129 5202 V FACEBOOK_SSL_PINNING_BYPASS: [*][+] Hooked function: _ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk212basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE
01-14 22:24:05.893 5129 5250 V FACEBOOK_SSL_PINNING_BYPASS: [*][+] Patched libcoldstart.so
Burpsuite error:
Describe the bug
I installed Frida in Termux and tried the Frida script on the 428*+ versions, but it shows the problem "Failed to find pattern: ......". It was working on 427* and lower versions.
Method
Frida
App info
Device info
Proxy tool
Burp: v2022.8.2
Logs
Frida :
[Remote::com.facebook.katana ]-> [*][+] Hooked checkTrustedRecursive
[*][+] Found libcoldstart.so at: 0x70eaa12000
[*][+] Hooked function: _ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk212basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE
[*][-] Failed to find pattern: ff ff 01 a9 ?? ?? 00 b4 80 82 4c 39
Bro, why can't the application be installed?
Describe the bug
Unable to use it in the latest version of Genymotion; I received the following error after starting to intercept traffic from Genymotion.
Method
Patched APK or Frida
App info
latest
Device info
any
Proxy tool
mitmproxy: v8.1.1
Burp: v2022.5.2
Logs
Frida or logcat logs, screenshots, mitmproxy event logs, Burp event log.
Additional context
Add any other context about the problem here.
I need help or need to see where I messed up. The following commands were used for setting up my emulator with Frida:
adb push frida-server /data/local/tmp/
adb shell chmod 777 /data/local/tmp/frida-server
adb push facebook-ssl-pinning-bypass.js /data/local/tmp/
adb push 9a5ba575.0 /data/local/tmp/cert-der.crt
adb push 9a5ba575.0 /system/etc/security/cacerts/
adb shell chmod 644 /system/etc/security/cacerts/9a5ba575.0
adb shell "/data/local/tmp/frida-server &"
frida -U -f com.facebook.katana -l facebook-ssl-pinning-bypass.js
When I use the packed file, it shows this error:
[*][*] Hooked function: _ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk212basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE
[*][*] Failed tp hook function: X509_verify_cert
Error: libcoldstart.so: unable to find export 'X509_verify_cert'
I tried with the new file from Google Play and it succeeded (hook working), but with Fiddler the handshake fails (can't trust the cert).
sydo26 in ~
❯ frida -U -l .\OneDrive\Documentos\bypass.js -f com.facebook.katana --no-pause
     ____
    / _  |   Frida 15.1.27 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Android Emulator 5554 (id=emulator-5554)
Spawning `com.facebook.katana`...
[*][*] Waiting for library...
Spawned `com.facebook.katana`. Resuming main thread!
[Android Emulator 5554::com.facebook.katana ]-> [*][*] Found libcoldstart.so at: 0xb4a8e000
[*][*] Hooked function: _ZN8proxygen15SSLVerification17verifyWithMetricsEbP17x509_store_ctx_stRKNSt6__ndk212basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEEPNS0_31SSLFailureVerificationCallbacksEPNS0_31SSLSuccessVerificationCallbacksERKNS_15TimeUtilGenericINS3_6chrono12steady_clockEEERNS_10TraceEventE
[*][*] Failed tp hook function: X509_verify_cert
Error: libcoldstart.so: unable to find export 'X509_verify_cert'
Create virtual device with Android Studio with these settings:
Start emulator in terminal:
> emulator -avd Pixel_4_XL_API_30 -writable-system
Root with adb:
> adb root
> adb shell avbctl disable-verification
> adb disable-verity
> adb reboot
> adb root
> adb remount
Start frida server in device:
> adb push ./frida-server /data/local/tmp
> adb shell "chmod 755 /data/local/tmp/frida-server"
> adb shell "/data/local/tmp/frida-server &"
> adb forward tcp:27042 tcp:27042
> adb forward tcp:27043 tcp:27043
> frida-ps -R
Install patched facebook:
> adb install .\facebook-v373.0.0.31.112-x86.apk
Start facebook for the first time.
And finally, start the bypass:
> frida -U -l ./bypass.js -f com.facebook.katana --no-pause
When I run "frida -U -l E:\LD1\LD1\bypassSSL.js -f com.facebook.katana --no-pause", it shows:
     ____
    / _  |   Frida 15.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to VOG-AL00 (id=127.0.0.1:5557)
Spawning `com.facebook.katana`...
[*][*] Waiting for library...
Spawned `com.facebook.katana`. Resuming main thread!
[VOG-AL00::com.facebook.katana ]-> TypeError: cannot set property 'implementation' of undefined
at (/frida/repl-2.js:77)
at (frida/node_modules/frida-java-bridge/lib/vm.js:12)
at _performPendingVmOps (frida/node_modules/frida-java-bridge/index.js:250)
at (frida/node_modules/frida-java-bridge/index.js:242)
at apply (native)
at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:620)
at (frida/node_modules/frida-java-bridge/lib/class-factory.js:598)
Process terminated
[VOG-AL00::com.facebook.katana ]->
How to fix this problem?
I installed the patched APK on Android 13, but it did not work.