Comments (5)
pimterry
commented on August 16, 2024
Never tried it, and I don't have a FireTV to test with I'm afraid. If you want to share results that'd be interesting though, and of course any new PRs to add support for that (if it's not supported already) would be happily accepted.
from frida-interception-and-unpinning.
BeAtS85
commented on August 16, 2024
As soon as you run the app with the frida script and mitm it, it fails to connect. What results would you want shared?
from frida-interception-and-unpinning.
pimterry
commented on August 16, 2024
That's useful info in itself ๐. If you can share the output from the Frida script that would be helpful, since there's often clues there.
The output from ADB might also be interesting. You can watch that with adb logcat -T1.
Making this work will probably require some reverse engineering and maybe new additions to the script. There's a guide here: https://httptoolkit.tech/blog/android-reverse-engineering/
from frida-interception-and-unpinning.
BeAtS85
commented on August 16, 2024
C:\Android>frida --no-pause -U -l frida-script.js -f com.apple.atve.amazon.appletv ____ / _ | Frida 15.1.12 - A world-class dynamic instrumentation toolkit | (_| | > _ | Commands: /_/ |_| help -> Displays the help system . . . . object? -> Display information about 'object' . . . . exit/quit -> Exit . . . . . . . . More info at https://frida.re/docs/home/ Spawned com.apple.atve.amazon.appletv`. Resuming main thread!
[AFTMM::com.apple.atve.amazon.appletv]-> ---
Unpinning Android app...
[+] SSLPeerUnverifiedException auto-patcher
[+] HttpsURLConnection (setDefaultHostnameVerifier)
[+] HttpsURLConnection (setSSLSocketFactory)
[+] HttpsURLConnection (setHostnameVerifier)
[+] SSLContext
[+] TrustManagerImpl
[ ] OkHTTPv3 (list)
[ ] OkHTTPv3 (cert)
[ ] OkHTTPv3 (cert array)
[ ] OkHTTPv3 ($okhttp)
[ ] Trustkit OkHostnameVerifier(SSLSession)
[ ] Trustkit OkHostnameVerifier(cert)
[ ] Trustkit PinningTrustManager
[ ] Appcelerator PinningTrustManager
[+] OpenSSLSocketImpl Conscrypt
[ ] OpenSSLEngineSocketImpl Conscrypt
[ ] OpenSSLSocketImpl Apache Harmony
[ ] PhoneGap sslCertificateChecker
[ ] IBM MobileFirst pinTrustedCertificatePublicKey (string)
[ ] IBM MobileFirst pinTrustedCertificatePublicKey (string array)
[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSocket)
[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (cert)
[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (string string)
[ ] IBM WorkLight HostNameVerifierWithCertificatePinning (SSLSession)
[+] Conscrypt CertPinManager
[ ] CWAC-Netsecurity CertPinManager
[ ] Worklight Androidgap WLCertificatePinningPlugin
[ ] Netty FingerprintTrustManagerFactory
[ ] Squareup CertificatePinner (cert)
[ ] Squareup CertificatePinner (list)
[ ] Squareup OkHostnameVerifier (cert)
[ ] Squareup OkHostnameVerifier (SSLSession)
[+] Android WebViewClient (SslErrorHandler)
[ ] Android WebViewClient (WebResourceError)
[ ] Apache Cordova WebViewClient
[ ] Boye AbstractVerifier
Unpinning setup completed
Process terminated
[AFTMM::com.apple.atve.amazon.appletv]->
Thank you for using Frida!`
ADB Logcat: https://www.file.io/download/FseILT3xM2OJ
from frida-interception-and-unpinning.
BeAtS85
commented on August 16, 2024
The APK: https://file.io/iT7Idrru2i6Z
from frida-interception-and-unpinning.
Related Issues (20)
- Disable jailbreak detection HOT 3
- I have an app that has certificate transparency failed, is there any script that I can use? HOT 1
- SSLPeerUnverifiedException: Certificate transparency failed HOT 1
- issues with unpinning of com.segway.mower and com.hansgrohe.poseidon HOT 5
- Frida: The 'argv' option is not supported when spawnin HOT 1
- Nigloland App: Certificate transparency failed HOT 5
- Hi
- Not Work = Raw Custom-Pinned Resquest HOT 3
- [FIXED] Not working with bereal HOT 3
- [ ] Unrecognized TLS error - this must be patched manually HOT 8
- Fishing Clash app. Some super-duper pinning protection. HOT 2
- Ignorar detectar VPN httptoolkit HOT 5
- Bypass la fijaciรณn SSL de IOS 15-16 con httptoolkit + script frida HOT 3
- Error: access violation accessing 0x5d8 HOT 1
- this script fails with com.audioteka but another works HOT 2
- Error with file : android-certificate-unpinning.js HOT 1
- error native-connect-hook.js HOT 1
- not able to sniff com.peacocktv.peacockandroid HOT 10
- Not working with com.bumble.app HOT 3
- Add Support for Intercept Flutter HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from frida-interception-and-unpinning.