Bypass SSL Pinning without Root

Hello everyone! Welcome to pentestguy. In this blog post we are going to focus on bypassing SSL certificate pinning without root. Some researchers use a physical device to perform Android application penetration testing and do not want to root it, so this technique helps bypass SSL pinning without rooting the Android device.

Prerequisites

Make sure objection is installed. Don’t know how to do it? Follow this article.

Ensure you have all the necessary packages installed to patch the APK using Objection. Open your terminal and run:

sudo apt install aapt adb apksigner apktool zipalign

Step 1: Download Your Target App

To get started, download any APK of your choice, whether from sources like APKPure or by pulling it from your Android device if it’s already installed. For this demonstration, we’ll be using the Twitter APK.

Step 2: Patching the APK

To patch the APK with an Android device running or connected (physical device), use the command given below.

objection patchapk -s example.apk
[Screenshot: patching the APK using objection]

If no Android device or Android virtual device is running, use this command instead, specifying the architecture (e.g., x86):

objection patchapk -s example.apk -a x86

Note: You may encounter errors during this step; if you see a long text in red, it’s likely due to APKTool. Let’s address that.

Step 3: Fixing APKTool Issues

3.1 Check your APKTool version with the following command:

apktool -version

3.2 If you’ve installed APKTool directly from apt, it may have a “dirty” version name like “2.5.0-dirty.” To fix this, purge APKTool:

sudo apt purge apktool

3.3 Install APKTool manually by following the installation instructions on the APKTool website (https://apktool.org/docs/install) specifically for Linux.

Step 4: Retry Patching

After installing APKTool correctly, repeat the “patchapk” step. It should now succeed without errors, as shown in the above screenshot.

Step 5: Install the Modified APK

To install the patched APK on your device, use ADB with the following command:

adb install example.objection.apk

Step 6: Bypass SSL Pinning

Once the installation is complete, run the application and initiate Objection with the following command to bypass SSL pinning:

objection explore --startup-command "android sslpinning disable"

Now you’ll be able to capture requests from the Twitter application, confirming that your SSL pinning bypass is working!
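The checks from the Prerequisites and Steps 2 to 4, collected into one preflight script. This is an added example, not part of the original post; the function names and the `adb shell getprop ro.product.cpu.abi` device query are choices made here, and the x86 fallback is taken from the post's own example.

```shell
#!/bin/sh
# Added example: preflight for the patching steps (not from the original post).
REQUIRED_TOOLS="aapt adb apksigner apktool zipalign objection"

# Print the required tools that are not on PATH, space separated.
missing_tools() {
    missing=""
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    printf '%s' "${missing# }"
}

# Succeed only for a clean apktool version string; distro builds such as
# "2.5.0-dirty" are the ones the post says to purge and reinstall.
apktool_version_ok() {
    case "$1" in
        ""|*-dirty*) return 1 ;;
        *) return 0 ;;
    esac
}

# Ask adb for the ABI of the attached device; prints nothing if none answers.
device_abi() {
    adb shell getprop ro.product.cpu.abi 2>/dev/null | tr -d '\r\n'
}

# Build the patchapk command line. $1 = APK path, $2 = ABI reported by the
# device (empty when none is running), $3 = architecture to pass with -a.
build_patch_cmd() {
    if [ -n "$2" ]; then
        printf 'objection patchapk -s %s' "$1"
    else
        printf 'objection patchapk -s %s -a %s' "$1" "$3"
    fi
}

# Run every check, then print the patchapk command that fits the current setup.
preflight() {
    apk="$1"; fallback_abi="${2:-x86}"
    gaps="$(missing_tools)"
    [ -z "$gaps" ] || { echo "missing tools: $gaps" >&2; return 1; }
    ver="$(apktool -version 2>/dev/null | head -n 1)"
    apktool_version_ok "$ver" || { echo "reinstall apktool (found '$ver')" >&2; return 1; }
    build_patch_cmd "$apk" "$(device_abi)" "$fallback_abi"
    echo
}

if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Save it under a name of your choice and pass the APK path as the first argument; an optional second argument replaces x86 as the architecture used when no device answers.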
