File of frida hook - bypass app certificate verification - Code World

File of frida hook - bypass app certificate verification

Mobile 2023-08-02 21:46:03 views: null

File of frida hook - bypass app certificate verification

- Target
- analyze
- hook code

Target

analyze

When capturing packets, it will prompt发送失败，请重试

At this time, using general hook scripts, such as objection自带的绕过pinningfunctions, cannot be bypassed

Let's change the way of thinking. When the app verifies the certificate, it will go through 打开证书this step. We will go to the hook 打开文件method and useobjection就比较方便

It needs to be at startup hookFile类, so --startup-commandthe parameters are used

objection -g cn.ticktick.task explore --startup-command "android hooking watch class_method java.io.File.$init --dump-args --dump-backtrace"

Observing the results, you can find the following keywords, through which certificate pinning can be achieved

1679644966920

hook code

function main() {
    Java.perform(function () {
        var amf = Java.use("am.f");
        amf.a.implementation = function (arg) {
            console.log("hook到了");
            console.log(arg);

        }
    })
}
setImmediate(main);
// frida -U -f cn.ticktick.task  -l 测试.js --no-pause

success

Guess you like

Origin blog.csdn.net/dzdzdzd12347/article/details/129753238

File of frida hook - bypass app certificate verification

Frida hook two-way certificate key

Frida bypass the use of SSL Pinning Android App

1.1 Bypass verification for file upload

frida 如何Hook app启动阶段的方法

Android frida detection bypass

Bypass certificate access Https

Android APP certificate Android signature certificate .keystore file production and generation

【Android】Frida Java Hook + unzip 操作Hook

Jquery bypass authentication (verification)

Java digital certificate for file/encryption/decryption/signature/verification signature

Unsafe file download and upload it - to bypass --MIME type of verification principle upload vulnerability

pythonGUI Automation: bypass the verification code

Password blasting, verification code bypass

Verification code bypass (high risk)

frida的用法--Hook Java层类方法

frida hook java层常用模板

Frida hook override method of anonymous class?

Android Frida hook shelling environment configuration process

Frida encryption parameters kill hook code (no shelling)

Java layer Frida hook Bitmap creation

Certificate verification methods and sites

mavenSSL certificate verification problem

File upload bypass posture

File Upload Vulnerability Bypass

File upload detection and bypass - server detection and bypass

Dynamic verification code to bypass the official website of Razer

Verification code bypass, password retrieval vulnerability

SSL certificate verification on PHP 5.6

OkHttpClient ignores https certificate verification

Recommended

Ranking

#2019110700005

What materials and procedures are required for patent transfer

What is the blockchain Ethereum triplet state root transaction root receipt root

Front-end study notes 04 --- About the insertion of html pictures and videos

Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries

2017 Qingdao-site tournament I The Squared Mosquito Coil

[BZOJ3165][HEOI2013]Segment (line segment tree without marking)

Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju

The latest tutorial on making framework for iOS

DAX Section 6: Statistical Functions

Daily

More

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)