Comments (25)
I've written a step-by-step tutorial on how to circumvent Instagram SSL pinning protection on latest APK (v78): https://plainsec.org/how-to-bypass-instagram-ssl-pinning-on-android-v78
Enjoy!
from instagram_ssl_pinning.
I think they created a custom ssl pinning in android layer :-\
I solve this problem
this is a open source repository for researchers
if you do it just share it publicly
I will create a new patch when I have free time in the next month :-)
from instagram_ssl_pinning.
- https://thehackernews.com/2019/03/facebook-whitehat-setting-hackers.html
- https://www.anonews.co/how-to-enable-facebooks-new-white-hat-researcher-settings/
@pashmak73 @RowanFazio @shadowzoom @housedir @pokeefer
from instagram_ssl_pinning.
I think they created a custom ssl pinning in android layer :-\
I solve this problem
this is a open source repository for researchers
if you do it just share it publiclyI will create a new patch when I have free time in the next month :-)
There will be no next patch because facebook has fully implemented tls 1.3 in its apps which cannot be decrypted or sniffed, i have spent many hours reversing the 78.0 version and cannot find a solution for tls 1.3
from instagram_ssl_pinning.
I also could not capture after patching :(
from instagram_ssl_pinning.
Yeah same here. Maybe Instagram added pinning in another function of libliger.so file. Also what program did you use to decompile the so file into the code above?
from instagram_ssl_pinning.
@pokeefer its a screenshot from IDA
from instagram_ssl_pinning.
same here :(
from instagram_ssl_pinning.
I've patched libliger.so for version 70.0.0.22.98 but still unable to see traffic
Maybe yo have any suggestions how fix it?
Did you find anything?
from instagram_ssl_pinning.
@S00164379 Nope :(
from instagram_ssl_pinning.
Is there something?
from instagram_ssl_pinning.
is there any success?
from instagram_ssl_pinning.
Selling
Instagram 75 version pinning ssl key signed
skype: webqart_1
how much?
from instagram_ssl_pinning.
I think they created a custom ssl pinning in android layer :-\
from instagram_ssl_pinning.
@pouyadarabi I agree. Hopefully we can all benefit. Thanks a lot
from instagram_ssl_pinning.
I think they created a custom ssl pinning in android layer :-\
I solve this problem
this is a open source repository for researchers
if you do it just share it publicly
I will create a new patch when I have free time in the next month :-)There will be no next patch because facebook has fully implemented tls 1.3 in its apps which cannot be decrypted or sniffed, i have spent many hours reversing the 78.0 version and cannot find a solution for tls 1.3
https://www.imperialviolet.org/2018/03/10/tls13.html
I do wonder which proxies do support TLS 1.3
from instagram_ssl_pinning.
Super amazing @marco thanks a lot for your very detailed tutorial.
from instagram_ssl_pinning.
Hi and thanks to @MarcoG3 for the tutorial. Sorry but I'm not familiar at all with Android. is it possible to someone post the patched APK here + if any other file needed?
from instagram_ssl_pinning.
@MarcoG3
Thanks, but I did everything you did with no success.
Still canβt read all requests.
here is my patched file: libliger 78.0.0.11.104.zip
from instagram_ssl_pinning.
Can somebody please upload unsigned instagram apk? Thank. Tried to decode it in 3 days, without luck...
from instagram_ssl_pinning.
https://github.com/tsarpaul/FBUnpinner
Should work for Instagram.
Replace lib-xzs/libcoldstart.so with lib-zstd/libliger.so
from instagram_ssl_pinning.
@RowanFazio @shadowzoom Check out guys, newest version of IG, Facebook and Facebook Messenger contains option that allows you to disable SSL-pinning and use your SSL-certificate to decrypt HTTP-traffic ^_^
from instagram_ssl_pinning.
@AmaHacka can you show us how to do that?
from instagram_ssl_pinning.
Has anyone tried Facebook's new method? I can't seem to make them work on my Android. I've enabled all the settings. I've added the IP of my computer as the proxy in the FB App's Proxy Setting and also tried on the wifi settings. but don't get any traffic.
from instagram_ssl_pinning.
@nemoryoliver Yep, everything works. Try to reproduce all steps from manual carefully and update your FB app.
from instagram_ssl_pinning.
Related Issues (20)
- SSL Pinning HOT 6
- Does not show HOT 1
- Fork for APK v27, to match "Instagram-API" project HOT 1
- Feedback
- Ssl un pinning HOT 3
- Frida HOT 18
- Doesn't work completely HOT 2
- ssl pinning for v 10.8.0 HOT 3
- Patch 51.0.0.20.85 HOT 21
- Snapchat ssl pinning request HOT 1
- "App not installed" HOT 1
- Patch 68 HOT 4
- Please update the modified APKs to the latest IG version for IGTV HOT 3
- Not working with version 44
- Can you do ssl pinning of twitter apk?
- Where is the Instructions? HOT 1
- HOW TO UNPACK *.SO HOT 2
- Someone has the latest apk patch? HOT 4
- Works !!, But it doesn't work :/ HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from instagram_ssl_pinning.