Open kiyokodyele opened 1 year ago
From the path there, that looks a lot like this is a Nike-specific certificate pinning hook. You can learn how to fix that here: https://httptoolkit.tech/blog/android-reverse-engineering/.
I suspect the null pointer error is due to the auto-patching hook (here) which is spotting this method and disabling it, but which isn't able to work out what the method should return in this case, and null
isn't working.
If you do get a hook that works to fix this, a PR to the script in this repo would be very welcome! If you're interested by the way, HTTP Toolkit Pro is totally free for contributors to all related projects like this, and that would definitely qualify.
you can also try https://github.com/Ch0pin/medusa , it can get uri, json and base64 data out even if the cert pinning can't be broken.
Tried it on Nike app: com.nike.omega
Frida on terminal returned error below:
Process crashed: java.lang.NullPointerException: interceptor com.nike.mpe.plugin.certtransparency.internal.certificatetransparency.internal.verifier.CertificateTransparencyInterceptor@2c65125 returned null
Just to make sure, I tried it on Twitter and it works.