Frida Certificate Pinning is failing for all the apps


I'm really new to Android traffic intercepting. I just wanted to intercept a 3rd party app's API requests for some research. I started from the official Frida docs and reached the step of unpinning the SSL certificate using this guide. I managed to successfully set up frida server on an Android device and it's running fine. But whenever I try to bypass any app's certificate pinning I get the same error below. I have tried many different apps that have certificate pinning and all result in the same error. I'm using the following command for unpinning.

frida -U -l ./frida-script.js -f tech.httptoolkit.pinning_demo

I'm using this script to bypass certificate pinning and getting the following results.

Spawned `com.snapchat.android`. Use %resume to let the main thread start executing!
Error: getPackageInfoNoCheck(): has more than one overload, use .overload(<signature>) to choose from:
    .overload('android.content.pm.ApplicationInfo', 'android.content.res.CompatibilityInfo')
    .overload('android.content.pm.ApplicationInfo', 'android.content.res.CompatibilityInfo', 'boolean')
    at X (frida/node_modules/frida-java-bridge/lib/class-factory.js:569)
    at K (frida/node_modules/frida-java-bridge/lib/class-factory.js:564)
    at set (frida/node_modules/frida-java-bridge/lib/class-factory.js:932)
    at <anonymous> (frida/node_modules/frida-java-bridge/index.js:224)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
    at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:244)
    at perform (frida/node_modules/frida-java-bridge/index.js:204)
    at <anonymous> (/frida/repl-2.js:520)
    at apply (native)
    at <anonymous> (frida/runtime/core.js:51)
[Android Emulator 5554::tech.httptoolkit.pinning_demo]->

Using %resume doesn't do anything, and I still get a "certificate rejected" error from the app server it's sending the requests to.

The error is the same even for the demo app linked in the Frida certificate unpinning guide. Sorry if the explanation isn't enough; I'll be really thankful if someone is up to help. Thank you.


0
Tim Perry On

Not 100% confirmed, but this appears to be a bug in Frida, either in the latest version of Frida (15.2.2) or Android (13).

See https://github.com/frida/frida/issues/2218 for more info.

0
Evan On

Tim is correct, this is a bug, probably on a13 devices. The trick is to run %reload in the Frida shell after the error; this will cause the script to run and, magically, no error.

https://github.com/frida/frida/issues/2218#issuecomment-1239983236