Hi everyone! Welcome to Pentestguy. In this article, we will explain how to bypass iOS SSL pinning using frida-tools. There might be multiple ways to achieve an SSL pinning bypass, but Frida and objection work like butter. The iOS pinning bypass process is similar to the Android SSL pinning bypass. If you would like to know about the Android SSL pinning bypass, do check out this article – https://pentestguy.com/ssl-pinning-bypass-using-frida-and-objection/
Setting up a Burp Proxy for iPhone/iPad:
First of all, open Burp Suite and go to the Proxy section, edit the proxy listener, and set it to the IP address of your laptop/desktop; refer to the screenshot below for better understanding.
On the mobile device, go to the Wi-Fi settings and open the options available for the connected Wi-Fi network (make sure that both devices are connected to the same network).
Open HTTP Proxy and set it to Manual, then provide the IP address of the laptop/desktop where Burp is running, along with the default port number 8080.
Download the Burp certificate by visiting http://burp
Now verify the certificate from the settings of your device. It will show you a new notification, or you can search for it in the settings.
Now you are able to capture the HTTP/HTTPS traffic of your device via Burp Suite.
Install frida on iPhone/iPad
To install Frida on a mobile device, you need a jailbroken device. If you don't know how to jailbreak your device or how to install Frida on it, follow this article – https://pentestguy.com/how-to-jailbreak-ios-15-setup-for-pentesting/
Install frida-tools
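Install frida-tools on your system, which can be Linux or macOS; make sure Python is installed first. I am using macOS for the below example.
# apt is the Debian/Ubuntu package manager; if Python 3 and pip are already installed, only the pip3 line is needed
sudo apt install python3 python3-pip
pip3 install frida-tools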
SSL Pinning bypass
Connect your mobile device to your laptop/desktop and run the frida command below to list the applications installed on your iPhone.
frida-ps -Uai
For this demonstration we are using the Twitter application; use the command below to bypass SSL pinning. You only need to replace the identifier with that of your target application.
frida --codeshare federicodotta/ios13-pinning-bypass -f com.atebits.Tweetie2 -U
And that's all: you can play with the application (perform actions like login and search) and see the data in Burp Suite.