search

httptoolkit / frida-interception-and-unpinning

Frida scripts to directly MitM all HTTPS traffic from a target mobile application
https://httptoolkit.com/android/
GNU Affero General Public License v3.0
905 stars 178 forks source link

Cannot unpin com.namcobandaigames.spmoja010E #20

Open teslabyte opened 2 years ago

teslabyte commented 2 years ago

It prints out 

--> Bypassing OpenSSLSocketImpl Conscrypt
  --> Bypassing OpenSSLSocketImpl Conscrypt
  --> Bypassing OpenSSLSocketImpl Conscrypt
  --> Bypassing OpenSSLSocketImpl Conscrypt

, but still fails to unpin it as seen in the photo image

pimterry commented 2 years ago

Interesting! I haven't seen that before. I don't have time to look into this myself any time soon, but I wrote a guide to reverse engineering arbitrary apps to do this in https://httptoolkit.tech/blog/android-reverse-engineering/ which should give you enough info to hunt down the cause.

If you manage to get anywhere close to finding the code that does this, or even better if you can put some hooks together to disable it, then do share that here and hopefully we can add to the script to fix this permanently for everybody.