Now let’s set up Frida for SSL Pinning Bypass.

Aman H
2 min read · Dec 6, 2024

Let’s Flow into the article🙂

First, we need to download the frida server for Android from here — https://github.com/frida/frida/releases

Download the Android server build that matches your device architecture: x86, x86_64, arm64 or arm.

Now extract the frida server folder, open it in a CMD terminal, and push the frida server to the virtual device by typing:

adb push frida.7-android-x86 /data/local/tmp

Hit Enter and it will be pushed to the Android virtual device.

Tip: also push the CA certificate to /data/local/tmp as cert-der.crt, renaming it from cacert.crt.

Now open another CMD terminal, run adb shell, then cd /data/local/tmp, where we pushed our frida server.

Now give the frida server execute permission by running chmod 755 (or 777) followed by the server file name, and hit Enter. After that, enter ./frida-server & to start the frida server.

Here & means the process runs in the background. You can use either ./frida-server or ./frida-server &; both are correct.

Now we have to download the script that bypasses SSL pinning from here: https://codeshare.frida.re/

The script to use is either "Universal Android SSL Pinning Bypass with Frida" or "frida-multiple-unpinning".

Remember, this script has to be saved on your local machine: copy the whole script, paste it into any text editor (you can use VS Code), and save it wherever you want as script.js or any name of your choice.

Now download any Android app and drag and drop it to the virtual device.

After that, open a new CMD terminal, connect to the device with adb shell, and type this command: pm list packages -3. It lists all third-party apps installed on your device in the simplest way.

  • After that, copy your package name, which looks like com.twitter.android; in your case it will be different, according to the app you chose.
  • Now open a CMD terminal and go to the path where you saved the script.js file.

Now run this command in the terminal, replacing app_PackageName with your package name:

frida -U -f app_PackageName -l script.js

For example:

frida -U -f com.twitter.android -l script.js

Hit Enter and it will successfully bypass the app's SSL pinning, and you can now intercept the app traffic in Burp Suite.
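A frida server build that does not match the device architecture is an easy mistake in the download step above, and the device reports its ABI through adb shell getprop ro.product.cpu.abi. The script below is an added example, not part of the original article: the function names are hypothetical, the sample file name is the one pushed earlier, and the check assumes the server file name ends in -android-<arch> as the Frida release files do.

```sh
#!/bin/sh
# Added example: check that a frida-server file matches the device ABI.

# Map an Android ABI string to the architecture suffix used in
# frida-server release names (x86, x86_64, arm64, arm).
abi_to_frida_arch() {
    case "$1" in
        arm64-v8a)           echo arm64 ;;
        armeabi-v7a|armeabi) echo arm ;;
        x86_64)              echo x86_64 ;;
        x86)                 echo x86 ;;
        *)                   return 1 ;;   # unknown ABI
    esac
}

# True only when the file name ends in "-android-<arch>" (optionally still
# compressed as .xz), so an x86 build is not accepted for x86_64.
server_matches_arch() {
    case "$1" in
        *-android-"$2"|*-android-"$2".xz) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a verdict for one ABI / file-name pair; non-zero status on mismatch.
check_server() {
    arch=$(abi_to_frida_arch "$1") || { echo "unknown ABI: $1"; return 2; }
    if server_matches_arch "$2" "$arch"; then
        echo "OK: $2 matches $1 (frida arch: $arch)"
    else
        echo "MISMATCH: device is $1, download the android-$arch build"
        return 1
    fi
}

# With a file name argument, ask the connected device for its ABI.
# tr strips the carriage return some adb builds append to shell output.
if [ $# -ge 1 ]; then
    abi=$(adb shell getprop ro.product.cpu.abi | tr -d '\r\n')
    check_server "$abi" "$1"
else
    # Constructed sample run, no device needed.
    check_server x86 frida.7-android-x86 || true
    check_server x86_64 frida.7-android-x86 || true
fi
```

Run it with the server file name as its only argument while the virtual device is connected; with no argument it only runs the constructed samples.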

Thank You For Reading 😊

LinkedIn https://www.linkedin.com/in/aman-hasan/

X https://x.com/Aman_Hasan01
