ac-pm / sslunpinning_xposed Goto Github PK

Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).

License: GNU General Public License v2.0

Java 100.00%

sslunpinning_xposed's Introduction

Attention: I'm working in a new suite of tools that include SSLUnpinning feature and many, many others! Look here -> https://github.com/ac-pm/Inspeckage

SSLUnpinning - Xposed Module

Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).

Description

If you need to intercept the traffic from an app which uses certificate pinning, with a tool like Burp Proxy, the SSLUnpinning will help you with this hard work! The SSLUnpinning through Xposed Framework, makes several hooks in SSL classes to bypass the certificate verifications for one specific app, then you can intercept all your traffic.

API

Java Secure Socket Extension (JSSE)

javax.net.ssl.*

APACHE

org.apache.http.conn.ssl.*

OKHTTP

okhttp3.*

Usage

install Xposed in your device (root access on Android 5.1 or later); http://repo.xposed.info/module/de.robv.android.xposed.installer
Download the APK available here https://github.com/ac-pm/SSLUnpinning_Xposed or clone the project and compile;
Install mobi.acpm.sslunpinning_latest.apk on a device with Xposed:
```
  adb install mobi.acpm.sslunpinning_latest.apk
```
SSLUnpinning will list the applications to choose from which will be unpinned;
Ok! Now you can intercept all traffic from the chosen app.

Download

Get it from Xposed repo: http://repo.xposed.info/module/mobi.acpm.sslunpinning

How to uninstall

    adb uninstall mobi.acpm.sslunpinning

Screenshots

License

See ./LICENSE.

Author

ACPM

sslunpinning_xposed's People

Contributors

Stargazers

Watchers

Forkers

moonight10 melbshark futurelighthouse wflk android-sec difcareer t3xtm0d3 mdabbagh88 goodhacker gaurav9991 number0 dwendt v-e-o linhua55 gitgzw vah13 olivierh59500 g5t4r sigma-random snooza nightoftwelve vaginessa snowdomain jumbo-wjb adpushpop cydia5530 bean3ai martinhood liberatorqjw nansongcheng shuixi2013 secice nckatiku jasonycz jpstotz bravery9 minkione pzwwei wllidr mmg1 imorteza seuercc tenwx morristech netstu next-miguelbatuecas hl46000 yuknight thanhtoan1196 gannicusliu alimp5 flyfire sulab999 kingking888 musktime kiqx8 kknet wuzhihuihui jbtest3 neoblackxt coutpkprintf xiao00kang wyu0hop jlvsjp lijinshan123 ohyeah521 serhatozles fishso gammag yangboyd rainmekka 106faceeater106 lokiwiki andy0619 linscomt limkokholefork zhang-777 vlinz-git rajivraj spin32 zickieloox theafien srburton fdlucifer benedridge thiasap freeluyishisan huangliliu0917 test502git driphub meafs xuchunlin168 ccczone zhuwangvip zhaopufeng killman122 xmysterlousx ranushmithila ikpehlivan gmngueko

sslunpinning_xposed's Issues

SSLUnpinning (with Xposed) for Android apps that use Volley

Hi @ac-pm,

Any chance you will add support for SSLUnpinning (with Xposed) for apps that use Volley?

I can use your Cydia substrate SSLUnpinning apk. Works perfectly. But when I use the Xposed framework & SSLUnpinning it does not work. It does seem to perform an SSL Strip style functionality but nothing more. I also tried to use the library on the Twitter Android app(which I guess uses Twitter's okhttp?).

error with SSLUnpin though there is no decrypting enabled

After I select one of my installed app to be bypassed (in Fiddler decrypt HTTPS is unchecked), My app says there is no connection to internet (The same error when trying to decrypt https).
I hope you got me!

Hey Ho!

This app doesnt work with Twitch, Skrill.

I am used Fiddler4 + Android.

Any ideas?

SSL error

My application checks its certificate and does not accept other certificates. My application uses the Arrays.equals method (byte [], byte []) to compare its certificate with mine. Since my charles certificate does not match the application certificate, it refuses to work with a fake certificate.
Help how to bypass and intercept the traffic of the application, which does not accept other certificates such programs as fiddler, charles

Unable to access the website

cert pinning unity games?

Does it support?

I tried a specific game, didn't work :/ I'm using Charles.

Instagram 10.0.0 and up.

Hey,

Since v10.0.0 and up, I have been getting SSL errors even while using the xposed module.
Anyway to tell why this is happening?

Thanks :)

"Class ref in pre-verified class resolved to unexpected implementation" error

Loading modules from /data/app/mobi.acpm.sslunpinning-2.apk
Loading class mobi.acpm.sslunpinning.Module
java.lang.IllegalAccessError: Class ref in pre-verified class resolved to unexpected implementation
at dalvik.system.DexFile.defineClassNative(Native Method)
at dalvik.system.DexFile.defineClass(DexFile.java:222)
at dalvik.system.DexFile.loadClassBinaryName(DexFile.java:215)
at dalvik.system.DexPathList.findClass(DexPathList.java:322)
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:65)
at java.lang.ClassLoader.loadClass(ClassLoader.java:497)
at java.lang.ClassLoader.loadClass(ClassLoader.java:457)
at de.robv.android.xposed.XposedBridge.loadModule(XposedBridge.java:421)
at de.robv.android.xposed.XposedBridge.loadModules(XposedBridge.java:386)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:120)
at dalvik.system.NativeStart.main(Native Method)
on android 4.4.2

12-26 23:03:49.802 E/X509Util(13200): Error creating trust manager (mobi.acpm.sslunpinning.EmptyTrustManager): java.lang.IllegalArgumentException: tm is an instance of mobi.acpm.sslunpinning.EmptyTrustManager which is not a supported type of X509TrustManager

12-26 23:03:49.802 E/X509Util(13200): Could not find suitable trust manager

12-26 23:03:49.802 E/X509Util(13200): Error creating trust manager (mobi.acpm.sslunpinning.EmptyTrustManager): java.lang.IllegalArgumentException: tm is an instance of mobi.acpm.sslunpinning.EmptyTrustManager which is not a supported type of X509TrustManager

pinning not bypassed - same as #3

I have installed and tested this application and it doesnt work well at all with android 5.1.1

I have tried to bypass pinning in 3 different applications but it didnt work at all in any of them

Thanks

can you support magisk?

`/storage/emulated/0/XSSLUnpinning/app.conf: open failed: EACCES (Permission denied)`

I've installed Xposed and SSLUnpinning on freshly rooted Android 6 but I can't make it work. I've found this exception in logcat:

03-21 12:02:27.420  4009  4009 W System.err: java.io.FileNotFoundException: /storage/emulated/0/XSSLUnpinning/app.conf: open failed: EACCES (Permission denied)
03-21 12:02:27.421  4009  4009 W System.err:    at libcore.io.IoBridge.open(IoBridge.java:452)
03-21 12:02:27.421  4009  4009 W System.err:    at java.io.FileInputStream.<init>(FileInputStream.java:76)
03-21 12:02:27.421  4009  4009 W System.err:    at java.io.FileReader.<init>(FileReader.java:42)
03-21 12:02:27.421  4009  4009 W System.err:    at mobi.acpm.sslunpinning.ConfigUtil.readFromFile(ConfigUtil.java:48)
03-21 12:02:27.421  4009  4009 W System.err:    at mobi.acpm.sslunpinning.Module.handleLoadPackage(Module.java:34)
03-21 12:02:27.421  4009  4009 W System.err:    at de.robv.android.xposed.IXposedHookLoadPackage$Wrapper.handleLoadPackage(IXposedHookLoadPackage.java:20)
03-21 12:02:27.421  4009  4009 W System.err:    at de.robv.android.xposed.callbacks.XC_LoadPackage.call(XC_LoadPackage.java:35)
03-21 12:02:27.421  4009  4009 W System.err:    at de.robv.android.xposed.callbacks.XCallback.callAll(XCallback.java:71)
03-21 12:02:27.421  4009  4009 W System.err:    at de.robv.android.xposed.XposedBridge$1.beforeHookedMethod(XposedBridge.java:176)
03-21 12:02:27.422  4009  4009 W System.err:    at de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:661)
03-21 12:02:27.422  4009  4009 W System.err:    at android.app.ActivityThread.handleBindApplication(<Xposed>)
03-21 12:02:27.422  4009  4009 W System.err:    at android.app.ActivityThread.-wrap1(ActivityThread.java)
03-21 12:02:27.422  4009  4009 W System.err:    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1405)
03-21 12:02:27.422  4009  4009 W System.err:    at android.os.Handler.dispatchMessage(Handler.java:102)
03-21 12:02:27.422  4009  4009 W System.err:    at android.os.Looper.loop(Looper.java:148)
03-21 12:02:27.422  4009  4009 W System.err:    at android.app.ActivityThread.main(ActivityThread.java:5417)
03-21 12:02:27.422  4009  4009 W System.err:    at java.lang.reflect.Method.invoke(Native Method)
03-21 12:02:27.422  4009  4009 W System.err:    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
03-21 12:02:27.422  4009  4009 W System.err:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
03-21 12:02:27.422  4009  4009 W System.err:    at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:117)
03-21 12:02:27.422  4009  4009 W System.err: Caused by: android.system.ErrnoException: open failed: EACCES (Permission denied)
03-21 12:02:27.422  4009  4009 W System.err:    at libcore.io.Posix.open(Native Method)
03-21 12:02:27.422  4009  4009 W System.err:    at libcore.io.BlockGuardOs.open(BlockGuardOs.java:186)
03-21 12:02:27.422  4009  4009 W System.err:    at libcore.io.IoBridge.open(IoBridge.java:438)
03-21 12:02:27.422  4009  4009 W System.err:    ... 19 more

Unable to build release or debug apk

@ac-pm @jodson @webserfer Hello friends! I've been trying to build an apk of this repo to reflect the latest commit (7e5eb3e) but have not been successful.

This is what I thought the gradle build cmd would be:

./gradlew assembleRelease

Might you point me in the right direction? :D