ViRb3 / TrustMeAlready

🔓 Disable SSL verification and pinning on Android, system-wide

Doesn't work on latest Snapchat #1

Closed shadowzoom closed 4 years ago

shadowzoom commented 5 years ago

Trying to intercept SSL traffic, but it fails. Any tips?

ViRb3 commented 5 years ago

Snapchat probably uses a custom certificate check, and since this module only hooks the system implementation, it won't work. Unfortunately, adding per-app hooks is out of the scope of this project. However, it should be relatively easy to find the custom check and patch it. Hint: it could be in a native library (.so) file!

ViRb3 commented 5 years ago

Please confirm for me that you can sniff Chrome traffic with this module enabled to make sure that there are no issues with the hook. Thank you!

adrubesh commented 5 years ago

This won't work with Snapchat, but that doesn't mean it doesn't disable SSL pinning. I have checked the APK myself with a custom SSL pinning bypass and can confirm that Snapchat does additional checks after the fact (it regularly runs a check for Root/Xposed being installed and will disable network connectivity if it's found).

ViRb3 commented 5 years ago

EdXposed should be undetectable by Android apps. Leaving this open until it is confirmed how Snapchat validates certificates.

Seumi commented 4 years ago

> This won't work with Snapchat, but that doesn't mean it doesn't disable SSL pinning. I have checked the APK myself with a custom SSL pinning bypass and can confirm that Snapchat does additional checks after the fact (it regularly runs a check for Root/Xposed being installed and will disable network connectivity if it's found).

Have you solved this problem?

adrubesh commented 4 years ago

Yes, but it is not currently available for public release.

ViRb3 commented 4 years ago

As previously stated, Snapchat uses custom certificate pinning and not Android's system pinning. That is out of the scope of this project. If you have a problem with the module itself, feel free to open a new issue.