Introdution

English | 中文

Bypass libcurl (NDK) SSL-Pinning protection presented in some Android apps.

Pre-requisites

Frida access to your mobile device

Usage

Spawn mode

frida -U -f com.example --no-pause -l Frida-libcurlUnpinning.js

U: Connect to remote device f: Spawn specified app --no-pause: Resume main thread after spawning app l: Load & run script

Attach mode (Recommended)

frida -U -F -l Frida-libcurlUnpinning.js

U: Connect to remote device F: Attach to foreground app l: Load & run script

Example

Credits

iOS libcurl hooking by @Nevermoe

Q & A

Q: How does it work?
A: It’s just ~~a balloon stretched over a cup~~. Jk, it simply hooks curl_easy_setopt and blocks options related to SSL-Pinning.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README/images		README/images
.gitignore		.gitignore
Frida-libcurlUnpinning.js		Frida-libcurlUnpinning.js
README.md		README.md
README_tw.md		README_tw.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Introdution

Pre-requisites

Usage

Spawn mode

Attach mode (Recommended)

Example

Credits

Q & A

About

Releases

Packages

Languages

d0gkiller87/Frida-libcurlUnpinning

Folders and files

Latest commit

History

Repository files navigation

Introdution

Pre-requisites

Usage

Spawn mode

Attach mode (Recommended)

Example

Credits

Q & A

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages