httptoolkit / frida-interception-and-unpinning

Frida scripts to directly MitM all HTTPS traffic from a target mobile application
https://httptoolkit.com/android/
GNU Affero General Public License v3.0

Issue when script reloaded #6

Open voytekhodaniil opened 2 years ago

voytekhodaniil commented 2 years ago

Hi! I'm trying to bypass SSL pinning and it isn't working. But when I "live reload" the script I can see this error:

```
Error: Cast from 'com.google.android.gms.org.conscrypt.OpenSSLX509Certificate' to 'javax.net.ssl.KeyManager' isn't possible
    at cast (frida/node_modules/frida-java-bridge/lib/class-factory.js:131)
    at fromJni (/_java.js)
    at fromJni (frida/node_modules/frida-java-bridge/lib/types.js:247)
    at ne (frida/node_modules/frida-java-bridge/lib/class-factory.js:610)
    at (frida/node_modules/frida-java-bridge/lib/class-factory.js:592)
```

pimterry commented 2 years ago

That definitely sounds like it's an issue from this script somewhere, but it's not clear from there where the error might be.

In the current script, OpenSSLX509Certificate is never used explicitly, and KeyManager is only used in one place. That hooks SSLContext.init(KeyManager[], TrustManager[], SecureRandom), and calls the real method with the same KeyManager[] & SecureRandom arguments, but replacing the TrustManagers with our own custom implementation. I can't see how that would end up passing the keymanager to anything that's expecting an OpenSSLX509Certificate though.

AFAICT that rules out obvious bugs here, but there's lots of more complicated ways that this could fail. Can you share the full output when you intercept this app? Which app is it you're trying to intercept? Any clues to help intercept this or work out where exactly this code is failing (beyond just "somewhere inside Frida") would be very helpful.
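The hook pimterry describes, `SSLContext.init(KeyManager[], TrustManager[], SecureRandom)`, is the one place the script touches a `KeyManager`, and the maintainer is asking for clues about which argument the cast actually fails on. The following is an added diagnostic hook written for this thread, not code from the frida-interception-and-unpinning project: it intercepts the same overload, logs the runtime class of every argument, and calls the original method through unchanged, attaching the argument summary to any exception. It assumes what frida-java-bridge exposes on wrapped objects (the `$className` property) and that Java object-array arguments arrive as JS arrays of such wrappers; the helper names are this example's own.

```javascript
// Added diagnostic hook (not part of the frida-interception-and-unpinning script).
// Logs the runtime class of every argument that reaches
// SSLContext.init(KeyManager[], TrustManager[], SecureRandom) and, if the
// call-through throws, attaches that summary to the error so a cast failure
// like the one reported above can be tied to a concrete argument.

// Describe one wrapped Java value. frida-java-bridge exposes the runtime class
// name of a wrapped object as `$className`; plain JS values fall back to typeof.
function describeJavaValue(value) {
  if (value === null || value === undefined) return 'null';
  if (typeof value === 'object' && typeof value.$className === 'string') {
    return value.$className;
  }
  return '<' + typeof value + '>';
}

// Describe a Java object-array argument. Assumed (per the lead-in) to arrive as
// a JS array of wrapped objects, or null when the caller passed no managers,
// which SSLContext.init permits for both the KeyManager[] and TrustManager[] slots.
function describeJavaArray(arr) {
  if (arr === null || arr === undefined) return 'null';
  if (!Array.isArray(arr)) return describeJavaValue(arr);
  return '[' + arr.map(describeJavaValue).join(', ') + ']';
}

// Build a one-line summary of the three init() arguments for the log.
function summarizeInitArgs(keyManagers, trustManagers, secureRandom) {
  return 'KeyManager[]=' + describeJavaArray(keyManagers) +
         ' TrustManager[]=' + describeJavaArray(trustManagers) +
         ' SecureRandom=' + describeJavaValue(secureRandom);
}

// Only install the hook inside Frida's Java runtime; the helpers above are plain
// JS, so the file also loads (and can be unit-tested) outside an instrumented process.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(function () {
    const SSLContext = Java.use('javax.net.ssl.SSLContext');
    // Exactly the overload the script hooks; JNI array type names for the arrays.
    const init = SSLContext.init.overload(
      '[Ljavax.net.ssl.KeyManager;',
      '[Ljavax.net.ssl.TrustManager;',
      'java.security.SecureRandom'
    );

    init.implementation = function (keyManagers, trustManagers, secureRandom) {
      const summary = summarizeInitArgs(keyManagers, trustManagers, secureRandom);
      console.log('SSLContext.init called with ' + summary);
      try {
        // Pass the original arguments straight through; this hook only observes.
        return init.call(this, keyManagers, trustManagers, secureRandom);
      } catch (e) {
        // A cast error raised while marshalling the call-through shows up here,
        // together with the classes that were actually passed.
        console.log('SSLContext.init threw for ' + summary + ': ' + e);
        throw e;
      }
    };
  });
}
```

Run it with `frida -U -f <package> -l this-file.js` alongside (or instead of) the pinning script; if the cast error appears in the catch branch, the logged summary names the class that arrived in the `KeyManager[]` slot, which is the piece of information the maintainer asked for.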