UNPKG

rms-runtime-mobile-security

Version:

Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

github.com/m0bilesecurity/RMS-Runtime-Mobile-Security

m0bilesecurity/RMS-Runtime-Mobile-Security

45 lines (39 loc) 1.87 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
/************************************************************************ * Name: SSL Pinning Universal Bypass (without CA) * OS: Android * Authors: Maurizio Siddu * Source: https://github.com/akabe1/my-FRIDA-scripts *************************************************************************/ setTimeout(function () { Java.perform(function () { send(''); send('======'); send('[#] Android Universal Certificate Pinning Bypasser [#]'); send('======'); // TrustManagerImpl Certificate Pinning Bypass try { var array_list = Java.use('java.util.ArrayList'); var custom_TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl'); //custom_TrustManagerImpl.checkTrustedRecursive.implementation = function(untrustedChain, trustAnchorChain, host, clientAuth, ocspData, tlsSctData) { custom_TrustManagerImpl.checkTrustedRecursive.implementation = function (a, b, c, d, e, f, g, h) { //if host: send('[+] Bypassing TrustManagerImpl pinner for: ' + b + '...'); //else: // send('[+] Bypassing TrustManagerImpl pinner...'); var fakeTrusted = array_list.$new(); return fakeTrusted; } } catch (err) { send('[-] TrustManagerImpl pinner not found'); } // OpenSSLSocketImpl Certificate Pinning Bypass try { var custom_OpenSSLSocketImpl = Java.use('com.android.org.conscrypt.OpenSSLSocketImpl'); custom_OpenSSLSocketImpl.verifyCertificateChain.implementation = function (g, i) { send('[+] Bypassing OpenSSLSocketImpl pinner...'); } } catch (err) { send('[-] OpenSSLSocketImpl pinner not found'); } }); }, 0);