GoSecure / frida-xamarin-unpin

A Frida script to bypass Xamarin certificate pinning implementations
https://www.gosecure.net/blog/2020/04/06/bypassing-xamarin-certificate-pinning-on-android/

Sample App bypass not working #13

Open alebeta90 opened 3 years ago

alebeta90 commented 3 years ago

Hi all,

I have been testing the Sample App provided in the repo, but so far I have not managed to perform the bypass.

I am testing on LineageOS 18, which is Android 11 with Magisk root. Using Burp as a proxy, I added the CA cert using ADB push to /etc/security/cacerts. I hashed the cert (the .0 filename), it appears in the installed CA certificates on my phone, and it works when tested with the local browser.

The app seems to start properly and I can make a request with no problem. But something that prevents me from telling whether the bypass is working or not is that the segfault.me domain might not be working properly.

I tried to reproduce the call by visiting

https://www.segfault.me/?k=637673854930158135

(I took this from https://github.com/GoSecure/frida-xamarin-unpin/blob/master/src/SampleApp/SampleApp/ViewModels/AboutViewModel.cs#L36)

and it always returns Not Found. Is this behaviour intended, or should it return an HTTP 200 OK status?

So, following the blog post https://www.gosecure.net/blog/2020/04/06/bypassing-xamarin-certificate-pinning-on-android/

I should receive Code: OK if the request is made properly, which is not happening at the moment.

Then my first question is: is the segfault.me site from the sample app working properly?

If it is working as intended, what could be happening in my test that makes it not work?

Thanks in advance
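The CA-installation step described above (pushing the Burp cert to the system cacerts store under its hashed .0 name), as an added shell example that is not part of this issue or of the frida-xamarin-unpin repo; it assumes openssl and adb are on PATH, and that the rooted test device lets you write to /system (on newer Android/Magisk builds a Magisk module is usually used for that last step instead of adb remount):

```shell
#!/usr/bin/env bash
# Added example: stage a proxy CA so Android's system trust store accepts it.
# Android names system CA files /system/etc/security/cacerts/<subject_hash_old>.0
set -euo pipefail

# Burp exports its CA as DER by default; accept DER or PEM and normalise to PEM.
to_pem() {
  local in="$1" out="$2"
  if openssl x509 -inform DER -in "$in" -out "$out" 2>/dev/null; then return 0; fi
  openssl x509 -inform PEM -in "$in" -out "$out"
}

# Android uses OpenSSL's *old* subject hash (-subject_hash_old), not -subject_hash.
# A file named with the new hash is silently ignored by the trust store.
cacert_name() {
  local pem="$1"
  printf '%s.0\n' "$(openssl x509 -noout -subject_hash_old -in "$pem")"
}

# Write the file in the same layout as the stock entries in cacerts:
# PEM body followed by the text dump and fingerprint. Prints the filename.
stage_cacert() {
  local in="$1" outdir="$2" pem name
  pem="$(mktemp)"
  to_pem "$in" "$pem"
  name="$(cacert_name "$pem")"
  { cat "$pem"; openssl x509 -noout -text -fingerprint -in "$pem"; } > "$outdir/$name"
  rm -f "$pem"
  printf '%s\n' "$name"
}

# Push the staged file to a rooted device. Assumed adb workflow; run by hand,
# and use a Magisk module instead if 'adb remount' is refused on your build.
push_cacert() {
  local file="$1" name
  name="$(basename "$file")"
  adb root
  adb remount
  adb push "$file" "/system/etc/security/cacerts/$name"
  adb shell "chmod 644 /system/etc/security/cacerts/$name"
  adb reboot
}
```

After the reboot the proxy CA should appear under Settings > Security > Trusted credentials > System, which is the check the browser test in the issue performs.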

obilodeau commented 3 years ago

segfault.me seems to always return 404 at the moment. It's the private site of a former colleague, I just warned him about it.

Having a:

Return code: Not Found

is OK because of that.

To confirm everything is working:

alebeta90 commented 3 years ago

Hi Oliver,

Thanks for your very assertive steps. I managed to reproduce and get the cert failure and then the Not Found response.

Something that is not clear is why the request is not visible in Burp. I am catching a lot of requests performed by the Android device, but not the request to segfault.me. Or does the sample app have an option not to send the traffic through the proxy?

Thanks for clarifying the doubts. All the best

obilodeau commented 3 years ago

I think your proxy is misconfigured. You should see the request to segfault.me go through your proxy. You must proxy HTTP and HTTPS as well.