GithubHelp home page GithubHelp logo

gcaraciolo / instagram_ssl_pinning Goto Github PK

View Code? Open in Web Editor NEW

This project forked from itsmoji/instagram_ssl_pinning

0.0 1.0 0.0 1.49 GB

Bypass Instagram SSL Pinning on Android

License: GNU General Public License v3.0

instagram_ssl_pinning's Introduction

Instagram SSL Pinning

Bypass Instagram SSL Pinning on Android (ARM and x86) Version 151.0.0.23.120

Requirements

  • The latest version of JDK (Download)

  • Burp Suite v1.7.36 (*.jar version) (Download)
    !!! Please DON'T USE CHARLES, FIDDLER OR MITMPROXY. Only use *.JAR VERSION of Burp Suit and ONLY VERSION 1.7.36, NOT v2 or v2020. And please run it with the LATEST VERSION OF JAVA !!!

  • Instagram APK (ARM - x86) - For root method only
    Download only from these links, not Google Play or somewhere else

  • a rooted Android device (Physical or virtual) - For root method only
    Genymotion Android 8+ recommended.
    Genymotion virtual devices is x86 and rooted by default.

  • ADB (Download) - For root method only
    Genymotion will install ADB automatically, and you can find it on <Genymotion Installation path>/tools

Non-Root Method (Recommended)

Usage

  1. Download and install patched APK (ARM - x86)
    ARM on a physical device or ARM on Genymotion Android 8-Oreo with ARM Translation strongly recommended!

    1.2. For x86 only, Open Instagram app (wait a few seconds) and close it.
    It's important to run Instagram app once, before setting the proxy!

  2. Run Burp Suite with /<JDK Installation path>/bin/java -jar burpsuite_community.jar and setting up proxy on your Android device.
    You should install Burp Suite certificate on your Android device

  3. That's it! Now open the Instagram app on your device and intercept the requests in Burp Suite !

Root Method

Watch tutorial video

Usage (It's important to do step by step)

  1. Download and install Instagram apk on your device.

  2. Open Instagram app (wait a few seconds) and close it.
    It's important to run Instagram app once, before start patching!

  3. Download the patched file (ARM - x86) and push it to the device:
    ARM: adb push libliger.so /data/data/com.instagram.android/lib-superpack-zstd/libliger.so
    x86: adb push libliger.so /data/data/com.instagram.android/lib-zstd/libliger.so

  4. Open Instagram app again (wait a few seconds) and close it.

  5. Run Burp Suite with /<JDK Installation path>/bin/java -jar burpsuite_community.jar and setting up proxy on your Android device.
    You must set the proxy in this step
    You should install Burp Suite certificate on your Android device

  6. That's it! Now open the Instagram app and intercept the requests in Burp Suite !

Instagram Signature Key for ARM and x86

  • v136.0.0.34.124: 46024e8f31e295869a0e861eaed42cb1dd8454b55232d85f6c6764365079374b
  • Instagram does not sign requests in versions newer than 136.0.0.34.124, it's just SIGNATURE string.
    Example: signed_body=SIGNATURE.{"phone_id":"51df5a24-e59e-46cd-bc01-fe658aba9f18","_csrftoken":"mPzWvJ399rqCxOY5rn6Bggq7oOcFkf6U","usage":"prefill"}

Donations

If you want to show your appreciation, you can donate via PayPal.
Iranian users can donate via IDPay.

Thanks.

instagram_ssl_pinning's People

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.