API tools faq
paste
Advertisement
0xspade

Frida Android SSL Pinning Script

0xspade
Jan 15th, 2019
310
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 2.83 KB | None | 0 0
raw download clone embed print report
  1. /*
  2.     Android SSL Re-pinning frida script v0.2 030417-pier
  3.  
  4.    $ adb push burpca-cert-der.crt /data/local/tmp/cacert.crt
  5.    $ frida -U -f it.app.mobile -l frida-android-repinning.js --no-pause
  6.  
  7.    Original Script: https://techblog.mediaservice.net/wp-content/uploads/2017/07/frida-android-repinning_sa-1.js
  8. */
  9. setTimeout(function(){
  10.     Java.perform(function(){
  11.         console.log("");
  12.         console.log("[.] Cert Pinning Bypass in process...");
  13.  
  14.         var CertificateFactory = Java.use("java.security.cert.CertificateFactory");
  15.         var FileInputStream    = Java.use("java.io.FileInputStream");
  16.         var BufferedInputStream= Java.use("java.io.BufferedInputStream");
  17.         var X509Certificate    = Java.use("java.security.cert.X509Certificate");
  18.         var KeyStore           = Java.use("java.security.KeyStore");
  19.         var TrustManagerFactory= Java.use("javax.net.ssl.TrustManagerFactory");
  20.         var SSLContext         = Java.use("javax.net.ssl.SSLContext");
  21.  
  22.         // Load CAs from an Input Stream
  23.         console.log("[+] Loading our CA Cert looking Motherfucker!...");
  24.         cf = CertificateFactory.getInstance("X.509");
  25.  
  26.         try {
  27.             var fileInputStream = FileInputStream.$new("/data/local/tmp/cacert.crt");
  28.         }catch(err){
  29.             console.log("[o] "+err);
  30.         }
  31.  
  32.         var bufferedInputStream = BufferedInputStream.$new(fileInputStream);
  33.         var ca = cf.generateCertificate(bufferedInputStream);
  34.         bufferedInputStream.close();
  35.  
  36.         var certInfo = Java.cast(ca, X509Certificate);
  37.         console.log("[o] Our CA Info: "+certInfo.getSubjectDN());
  38.  
  39.         // Create a Keystore containing a Full of fucking shit and trusted CAs
  40.         console.log("[+] Creating a KeyStore for our CA .. Assholes!");
  41.         var keyStoreType = KeyStore.getDefaultType();
  42.         var keyStore = KeyStore.getInstance(keyStoreType);
  43.         keyStore.load(null, null);
  44.         keyStore.setCertificateEntry("ca", ca);
  45.  
  46.         // Create a Trustmanager that trusts me and the CAs in our KeyStore MotherFucker!!
  47.         console.log("[+] Creating a TrustManager that trust our love ones in our fucking KeyStore shit...");
  48.         var tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
  49.         var tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
  50.         tmf.init(KeyStore);
  51.         console.log("[+] Our TrustManager is ready.. so am i...");
  52.  
  53.         console.log("[+] Hijacking SSLContext methods now...");
  54.         console.log("[+] Waiting for the app to provoke me and also to invoke SSLContext.init()...");
  55.  
  56.         SSLContext.init.overload("[Ljavax.net.ssl.KeyManager;","[Ljavax.net.ssl.TrustManager;","java.security.SecureRandom").implementation = function(a,b,c){
  57.             console.log("[o] App provoked me and this little shit here >> javax.net.ssl.SSLContext.init...");
  58.             SSLContext.init.overload("[Ljavax.net.ssl.KeyManager;","[Ljavax.net.ssl.TrustManager;","java.security.SecureRandom").call(this, a, tmf.getTrustManagers(), c);
  59.             console.log("[+] SSLContext initialized with our custom Shit TrustManager!");
  60.         }
  61.  
  62.     });
  63. },0);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!