Open Patralos opened 6 years ago
KLVN
commented
6 years ago I tried sniffing, but the app doesn't allow user certificates and therefore is unable to connect to their servers. I also followed this tutorial to bypass this protection, but after installing and opening the app for the first time, it's still unable to connect (this time with error 477 unknown).
ioncodes
commented
5 years ago @KLVN I recommend hooking the pinning methods without patching the app itself, you can use any remote instrumentation framework for that.
guitar9
commented
5 years ago somebody has success in unpinning the app? Tried SLL Unpinning from Xposed and SLL Unpinning with Frida (https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/). Both doesnt seems to work. Next step is to look at the code with jadx and try to hook the pinning method....
ioncodes
commented
5 years ago @guitar9 My first success was using Frida.
guitar9
commented
5 years ago @ioncodes Did you write your own script? Or did you used this: (https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/)
ioncodes
commented
5 years ago @guitar9 I wrote my own script.
guitar9
commented
5 years ago @ioncodes ok :( can you publish it? :)
ioncodes
commented
5 years ago @guitar9 No I can't, sorry :/
guitar9
commented
5 years ago @ioncodes ok :) Can you give a hint at which classes to look?
Has anyone already reversed / sniffed the new api calls for popular jodels of today / week?