MaxToyberman / react-native-ssl-pinning

React Native SSL pinning and cookie handling based on okhttp3 (Android) and AFNetworking (iOS)
MIT License
335 stars 99 forks

SSL Pinning is Bypassed through Frida #175

Open pavan-bora-tudip opened 1 year ago

pavan-bora-tudip commented 1 year ago

I am creating an Android application which is able to ping the server for certain information and return it. There are a few methods by which a user can bypass the pinned SSL certificate of an Android application by using tools like Frida, Objection, etc. Is there a way to prevent the bypass of the SSL certificate in Android, so that the user is not able to see the traffic? (Assume the user's phone is rooted.)

Package Used: react-native-ssl-pinning

chathuralakmal commented 1 year ago

You can implement anti-Frida detection for Android. https://github.com/darvincisec/DetectFrida

RogerBrusamarello commented 1 year ago

How do I implement it? There is not any doc to follow to install it.

chathuralakmal commented 1 year ago

@RogerBrusamarello Just follow the sample on GitHub. It's an Android project. You can do the same for your project.

Ex: in Gradle you have to add this code:

```gradle
externalNativeBuild {
    cmake {
        path "src/main/c/CMakeLists.txt"
        version "3.10.2"
    }
}
```
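
One check of the kind a native anti-Frida library can run is to scan the process memory map for Frida's agent or gadget libraries. This is an added example, not code from DetectFrida, from this package, or from any commenter; the marker strings, function names and sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAPS_LINE_LEN 4352  /* address fields plus a PATH_MAX-sized path */

/* Assumed marker list: substrings of the default file names of Frida's
 * injected agent and gadget libraries. */
static const char *const MARKERS[] = { "frida-agent", "frida-gadget" };

/* Constructed sample lines in /proc/<pid>/maps format (not captured data). */
const char *const SAMPLE_LINES[] = {
    "7f1c2a000000-7f1c2a021000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so\n",
    "7f1c2b000000-7f1c2b400000 rw-p 00000000 00:00 0 [heap]\n",
    "7f1c2c000000-7f1c2d000000 r-xp 00000000 fd:00 5678 /data/local/tmp/frida-agent-64.so\n",
};

/* Return 1 if a maps line ("range perms offset dev inode path") maps a file
 * whose path contains a marker, else 0. */
int line_is_suspicious(const char *line) {
    const char *path = strchr(line, '/');   /* the first '/' begins the path */
    if (path == NULL)
        return 0;                           /* anonymous, [heap], [stack] */
    for (size_t i = 0; i < sizeof MARKERS / sizeof MARKERS[0]; i++)
        if (strstr(path, MARKERS[i]) != NULL)
            return 1;
    return 0;
}

/* Count suspicious mappings in the calling process; -1 if maps is unreadable. */
int count_in_self(void) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (f == NULL)
        return -1;
    char line[MAPS_LINE_LEN];
    int hits = 0;
    while (fgets(line, sizeof line, f) != NULL)
        hits += line_is_suspicious(line);
    fclose(f);
    return hits;
}

int main(void) {
    for (size_t i = 0; i < sizeof SAMPLE_LINES / sizeof SAMPLE_LINES[0]; i++)
        printf("%d %s", line_is_suspicious(SAMPLE_LINES[i]), SAMPLE_LINES[i]);
    printf("this process: %d suspicious mapping(s)\n", count_in_self());
    return 0;
}
```

In an app, a function like `count_in_self` would be compiled by the CMake native build configured above and called from Java or Kotlin through JNI. Name matching of this kind is a best-effort signal on a rooted device, not a guarantee that traffic cannot be inspected.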