Any suggestions for 70.0.0.22.98 about instagram_ssl_pinning HOT 25 CLOSED

I've written a step-by-step tutorial on how to circumvent Instagram SSL pinning protection on latest APK (v78): https://plainsec.org/how-to-bypass-instagram-ssl-pinning-on-android-v78

Enjoy!

from instagram_ssl_pinning.

I think they created a custom ssl pinning in android layer :-\

I solve this problem

this is a open source repository for researchers
if you do it just share it publicly

I will create a new patch when I have free time in the next month :-)

from instagram_ssl_pinning.

1. https://thehackernews.com/2019/03/facebook-whitehat-setting-hackers.html
2. https://www.anonews.co/how-to-enable-facebooks-new-white-hat-researcher-settings/
   @pashmak73 @RowanFazio @shadowzoom @housedir @pokeefer

from instagram_ssl_pinning.

I think they created a custom ssl pinning in android layer :-\

I solve this problem

this is a open source repository for researchers
if you do it just share it publicly

I will create a new patch when I have free time in the next month :-)

There will be no next patch because facebook has fully implemented tls 1.3 in its apps which cannot be decrypted or sniffed, i have spent many hours reversing the 78.0 version and cannot find a solution for tls 1.3

from instagram_ssl_pinning.

I also could not capture after patching :(

from instagram_ssl_pinning.

Yeah same here. Maybe Instagram added pinning in another function of libliger.so file. Also what program did you use to decompile the so file into the code above?

from instagram_ssl_pinning.

@pokeefer its a screenshot from IDA

from instagram_ssl_pinning.

same here :(

from instagram_ssl_pinning.

I've patched libliger.so for version 70.0.0.22.98 but still unable to see traffic

Maybe yo have any suggestions how fix it?

Did you find anything?

from instagram_ssl_pinning.

@S00164379 Nope :(

from instagram_ssl_pinning.

Is there something?

from instagram_ssl_pinning.

is there any success?

from instagram_ssl_pinning.

Selling
Instagram 75 version pinning ssl key signed
skype: webqart_1

how much?

from instagram_ssl_pinning.

I think they created a custom ssl pinning in android layer :-\

from instagram_ssl_pinning.

@pouyadarabi I agree. Hopefully we can all benefit. Thanks a lot

from instagram_ssl_pinning.

I think they created a custom ssl pinning in android layer :-\

I solve this problem

this is a open source repository for researchers
if you do it just share it publicly
I will create a new patch when I have free time in the next month :-)

There will be no next patch because facebook has fully implemented tls 1.3 in its apps which cannot be decrypted or sniffed, i have spent many hours reversing the 78.0 version and cannot find a solution for tls 1.3

https://www.imperialviolet.org/2018/03/10/tls13.html

I do wonder which proxies do support TLS 1.3

from instagram_ssl_pinning.

Super amazing @marco thanks a lot for your very detailed tutorial.

from instagram_ssl_pinning.

Hi and thanks to @MarcoG3 for the tutorial. Sorry but I'm not familiar at all with Android. is it possible to someone post the patched APK here + if any other file needed?

from instagram_ssl_pinning.

@MarcoG3
Thanks, but I did everything you did with no success.
Still can’t read all requests.
here is my patched file: libliger 78.0.0.11.104.zip

from instagram_ssl_pinning.

Can somebody please upload unsigned instagram apk? Thank. Tried to decode it in 3 days, without luck...

from instagram_ssl_pinning.

https://github.com/tsarpaul/FBUnpinner
Should work for Instagram.
Replace lib-xzs/libcoldstart.so with lib-zstd/libliger.so

from instagram_ssl_pinning.

@RowanFazio @shadowzoom Check out guys, newest version of IG, Facebook and Facebook Messenger contains option that allows you to disable SSL-pinning and use your SSL-certificate to decrypt HTTP-traffic ^_^

from instagram_ssl_pinning.

@AmaHacka can you show us how to do that?

from instagram_ssl_pinning.

Has anyone tried Facebook's new method? I can't seem to make them work on my Android. I've enabled all the settings. I've added the IP of my computer as the proxy in the FB App's Proxy Setting and also tried on the wifi settings. but don't get any traffic.

from instagram_ssl_pinning.

@nemoryoliver Yep, everything works. Try to reproduce all steps from manual carefully and update your FB app.

from instagram_ssl_pinning.