After a long time, hi again everyone!
Recently, one of my friends needed to test an Android application in detail (checking its API requests) and asked me for a solution. So I tested an SSL pinning bypass for an Android application on Windows with Frida. Now I will explain all the steps here for you.
Just a short summary of SSL pinning:
If the mobile application does not have SSL pinning, attackers can easily read the HTTP packets going back and forth between the application and the server over the network with a proxy. SSL pinning is used as a precaution against this situation. And as with everything, there are some ways to bypass it. We use Frida for the SSL pinning bypass in this article. Now let’s start!
Requirements first:
- Fiddler (Classic or Everywhere),
- Python,
- Frida,
- Genymotion or any other emulator,
- ADB – Android Debug Bridge (if you prefer Genymotion, it already includes the adb tool).