isecpartners / android-ssl-trustkiller Goto Github PK

View Code? Open in Web Editor NEW

694.0 48.0 140.0 943 KB

Bypass SSL certificate pinning for most applications

License: Other

Java 100.00%

android-ssl-trustkiller's Introduction

Android-SSL-TrustKiller

Blackbox tool to bypass SSL certificate pinning for most applications running on a device.

Description

This tool leverages Cydia Substrate to hook various methods in order to bypass certificate pinning by accepting any SSL certificate.

Usage

Ensure that Cydia Substrate has been deployed on your test device. The installer requires a rooted device and can be found on the Google Play store at https://play.google.com/store/apps/details?id=com.saurik.substrate&hl=en
Download the pre-compiled APK available at https://github.com/iSECPartners/Android-SSL-TrustKiller/releases

Install the APK package on the device:

  adb install Android-SSL-TrustKiller.apk

Add the CA certificate of your proxy tool to the device's trust store.

Notes

Use only on a test devices as anyone on the same network can intercept traffic from a number of applications including Google apps. This extension will soon be integrated into Introspy-Android (https://github.com/iSECPartners/Introspy-Android) in order to allow you to proxy only selected applications.

License

See ./LICENSE.

Authors

Marc Blanchou

android-ssl-trustkiller's People

Contributors

Stargazers

Watchers

Forkers

andlab lucabongiorni galagie ohyeah521 test123asa ocakgun zigmos yourslee ricedu nemesisqp esurharun goodhacker johnjohnsp1 difcareer tylerdurden2010 ajrulez peval sunchen009 shiham101 bigfool free5ty1e decash anirudha-wegilant kittinan 309746069 nocky thor509 wooyundota rxbit curehsu nimrood krishachetan89 yangzoudreamer mdabbagh88 masbog g5t4r drizzlerisk refight gitgzw joel-duqiong ezesoler fishso nightoftwelve 1683942030 drawrowfly linvex null0x4d5a sigma-random mvukovic snooza isaacqiang vaginessa forsun23 nx4dm1n kajovanbuyten nozberkaryaindonesia sec-db jwthanh praiseqin snowdomain jumbo-wjb oscommonjs cpluse m00zh33 jaikishantulswani 5up3rc pzwwei ddtrung-fs arryboom expertasif xkvnn-collection lx0 gitqqqhs ykoukouras snollyg0st3r jjsmida secice mmg1 imorteza shad0w008 ocex productinfo ignitionlab raimundojimenez rickycabugawan alimp5 a-new zyfree modulexcite steve4757 dawson0x00 diegocaridei cyhook gwg422 mark001a initpwn rainmekka frank13810055034 peizhou stodar

android-ssl-trustkiller's Issues

Not working on Nexus 7 4.4

When I try to install, I get the following:

XXXXX:platform-tools xxxxx$ ./adb install /Users/xxxxx/Downloads/Android-SSL-TrustKiller.apk
5262 KB/s (258231 bytes in 0.047s)
java.lang.NoSuchMethodException: getSystemSharedLibraryNames [int]
at java.lang.Class.getConstructorOrMethod(Class.java:472)
at java.lang.Class.getMethod(Class.java:857)
at com.devadvance.rootcloakplus.Main.initForPackageManager(Main.java:45)
at com.devadvance.rootcloakplus.Main.initialize(Main.java:31)
at dalvik.system.NativeStart.main(Native Method)
pkg: /data/local/tmp/Android-SSL-TrustKiller.apk

Cydia is installed and the device was rebooted.

Cydia Substrate Play Store link in README is dead

download http://www.cydiasubstrate.com/download/com.saurik.substrate.apk directly instead

Uninstall

How does one uninstall the apk?

Android 7?

Hello

Any chance to get this tool working with Android 7?

Thanks

No process running

I have installed the apk and i cant see it running

I assume it needs cydia to start it, isnt it? If so.... cydia doesnt support devices newer than 4.3

Do you have any plan to release a standalone version or compatible with other frameworks, as xposed?

Thanks

Android 6 is not supported

Issue #6 is about android 6... lol

what is correct configuration for getting SSL Trustkiller to work?

i have installed fiddler cert on device and was able to intercept HTTPS traffic of google.com via chrome browser with fiddler proxy on windows 10

then i have installed cydia substrate on rooted samsung gt-s7562 with android 4.0.4, linked substrate files. restarted and installed android ssl trustkiller apk.

after that for checking am i doing right with cydia, i have installed winterboard and that was perfectly good.

but for testing :

i was going to intercept my sample app which pinned ssl, but still i couldnt see the traffic.

what is my wrongs?
how exactly your projects works?
specific android version? device?
or only work with google apps?

i'm going to bypass instagram!
is instagram method for ssl pinning the same you working on google apps?

thanks in advance

Lollipop

Any way to make this work on Lollipop ?

Cydia Substrate isn't supported.

Does not do anything?

I have Cydia Substrate installed on my rooted DROID 4 running Android 4.1.2. I installed Android SSL TrustKiller, then linked Substrate files, then restarted my phone. When using Charles Proxy, I continue to only intercept HTTP/HTTPS traffic from apps that don't use SSL Pinning.

Why is this not working?