Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bug & solution] Suggest change to the bypassing SSL-Pinning of Okhttp3 since original code doesn't work #571

Open
kiven7299 opened this issue Oct 11, 2022 · 5 comments · May be fixed by #572
Open

[bug & solution] Suggest change to the bypassing SSL-Pinning of Okhttp3 since original code doesn't work #571

kiven7299 opened this issue Oct 11, 2022 · 5 comments · May be fixed by #572
Labels
freshissue Default label for new, untriaged issues.

Comments

@kiven7299
Copy link

About the issue

There is an Android app which demo ssl-pinning: https://github.com/httptoolkit/android-ssl-pinning-demo.
Try disable its ssl-pinning with Objection (command android sslpinning disable) fails for Okhttp3 library:

  • As can be seen bellow, the pinning still performs well:
    image

Spot the bug in Objection's frida scripts

In file agent.js, function const okHttp3CertificatePinnerCheckOkHttp = (ident) => {...}. The issue is red-underlined code bellow:
image

  • Since there is no check$okhttp with argument of u15 type, the code fails to hook into.

Suggest fix

Just hook okhttp3.CertificatePinner.check$okhttp without overload(...)

  • Change the red-underlined code to const CertificatePinnerCheckOkHttp = certificatePinner.check$okhttp

image

Result

image
image
@kiven7299 kiven7299 added the freshissue Default label for new, untriaged issues. label Oct 11, 2022
@kiven7299 kiven7299 changed the title [bug & solution] Suggest change to the bypassing SSL-Pinning by Okhttp3 since original code doesn't work [bug & solution] Suggest change to the bypassing SSL-Pinning of Okhttp3 since original code doesn't work Oct 11, 2022
@leonjza
Copy link
Member

leonjza commented Oct 11, 2022

Hey! Thanks for the issue. Up for opening a PR?

@kiven7299
Copy link
Author

kiven7299 commented Oct 11, 2022
edited
Loading

Hey! Thanks for the issue. Up for opening a PR?

Okay I will open a PR, but it could take time since I'm not used to working with git

@kiven7299
Copy link
Author

@leonjza, can you instruct me on how to make a pull request?

@leonjza
Copy link
Member

leonjza commented Oct 11, 2022

Sure. Fork the repository, make and commit the code changes then follow this guide to make the pull request.

@kiven7299
Copy link
Author

Thanks for your help. I've made a pull request

@IPMegladon IPMegladon linked a pull request Jul 13, 2024 that will close this issue
Modify sslpinning bypass for okhttp3 library #572
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
freshissue Default label for new, untriaged issues.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Modify sslpinning bypass for okhttp3 library kiven7299/objection
2 participants
@leonjza @kiven7299