Open Patralos opened 6 years ago
I tried sniffing, but the app doesn't allow user certificates and therefore is unable to connect to their servers. I also followed this tutorial to bypass this protection, but after installing and opening the app for the first time, it's still unable to connect (this time with error 477 unknown
).
@KLVN I recommend hooking the pinning methods without patching the app itself, you can use any remote instrumentation framework for that.
somebody has success in unpinning the app? Tried SLL Unpinning from Xposed and SLL Unpinning with Frida (https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/). Both doesnt seems to work. Next step is to look at the code with jadx and try to hook the pinning method....
@guitar9 My first success was using Frida.
@ioncodes Did you write your own script? Or did you used this: (https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/)
@guitar9 I wrote my own script.
@ioncodes ok :( can you publish it? :)
@guitar9 No I can't, sorry :/
@ioncodes ok :) Can you give a hint at which classes to look?
Has anyone already reversed / sniffed the new api calls for popular jodels of today / week?