Bypass SSL Pinning without root | Android Security Crash Course

Поделиться
HTML-код
  • Опубликовано: 29 янв 2025

Комментарии • 81

  • @emmanuellebura3681
    @emmanuellebura3681 Год назад +12

    What I loved most about your video is that you didn't just go on to show what works, but you also showed errors that we might encounter and how we could tackle them. Thanks a million.

  • @Ejje12
    @Ejje12 2 дня назад

    Thank you man you are the best it really helped me understand it i think you are the only person on youtube that could show me it like that really appreciate it

  • @JY-xv7ic
    @JY-xv7ic Год назад +1

    im using genymotion with android 12 and when running objection explore the app is closed, how to solve this issue..

  • @shankarsubedi9870
    @shankarsubedi9870 3 месяца назад +1

    what if I have multiple apks for single application? objection only taking single apk for patching

  • @SHEAVEN-q7b
    @SHEAVEN-q7b 5 месяцев назад

    followed all the steps, got the agent injected, but still seeing the "some error occurred try again" type of problem , why ? btw i did that on a revolut app version 7.30.3

  • @novianindy887
    @novianindy887 Год назад +1

    Does it work on instagram app?

  • @iPsalmy
    @iPsalmy 20 дней назад

    This was really helpful. Thanks 🙏🏽

  • @rhen4610
    @rhen4610 2 года назад +3

    Honestly, I didnt know ssl unpinning would be this easy. About to test it on some apps, might be helpful

    • @Ale-m3u
      @Ale-m3u Год назад +1

      Do you know how to bypass ssl pinning by modifying TLS SSL hand shake without having to install a server or inject the frida gadget in the app with objection I need that method

    • @rhen4610
      @rhen4610 Год назад

      @user-yy2wp9ys6d u could modify and downgrade the max sdk version of the apk to sdk 23 (might be 21 idk, I forgot)

    • @Ale-m3u
      @Ale-m3u Год назад

      @@rhen4610 what do you mean by that would it require having access to the app before installation on the device or would it be while the app is already installed on the device

    • @rhen4610
      @rhen4610 Год назад

      @@Ale-m3u before installation

  • @akashisaleem6694
    @akashisaleem6694 Год назад +1

    I did this and it worked perfectly but when I upload the patched app in my phone it keeps crashing is this because the app recognizes it has been modified and crashes and is there any way to fix this? A reply as quick as possible is appreciated as I am in a rush thank you in advance.

    • @CorSecure
      @CorSecure  Год назад

      I don't think I have ever had this issue before, but it could be due to some anti-tampering protections on the app, which take some more extensive research to figure out how to bypass. I did find these two threads on github that might have some comments that could be helpful.
      github.com/sensepost/objection/issues/64
      github.com/sensepost/objection/issues/119

    • @akashisaleem6694
      @akashisaleem6694 Год назад

      @@CorSecure ok thank you I'll get back to you if I find anything thanks!

    • @akashisaleem6694
      @akashisaleem6694 Год назад

      @@CorSecure Hey I used a separate tool to manage the split apks and combined them into one and saved it. The tools known for handling objection split apk files so after that I used the objection command on the new combined apk file and I keep getting this error and I have no idea how to fix it I looked online everywhere and couldn't find a place where the issue was solved this was the command and
      output: objection patchapk -s SAVE_APK
      No architecture specified. Determining it using `adb`...
      Detected target device architecture as: arm64-v8a
      Using latest Github gadget version: 16.1.3
      Patcher will be using Gadget version: 16.1.3
      Detected apktool version as: 2.8.1
      Running apktool empty-framework-dir...
      I: Removing 1.apk framework file...
      Unpacking SAVE_APK
      App already has android.permission.INTERNET
      Target class not specified, searching for launchable activity instead...
      Reading smali from: /tmp/tmpezqieai3.apktemp/smali/es/socialpoint/hydra/permissions/PermissionsActivity.smali
      Injecting loadLibrary call at line: 16
      Attempting to fix the constructors .locals count
      Current locals value is 0, updating to 1:
      Writing patched smali back to: /tmp/tmpezqieai3.apktemp/smali/es/socialpoint/hydra/permissions/PermissionsActivity.smali
      Copying Frida gadget to libs path...
      Rebuilding the APK with the frida-gadget loaded...
      Rebuilding the APK may have failed. Read the following output to determine if apktool actually had an error:

      ../../../tmp/tmpezqieai3.apktemp/smali_assets/javax/annotation/Nonnull.smali[29,20] Class Ljavax/annotation/Nonnull; has already been interned
      Could not smali file: javax/annotation/Nonnull.smali

      Built new APK with injected loadLibrary and frida-gadget
      Performing zipalign
      Zipalign completed
      Signing new APK.
      Signed the new APK
      Copying final apk from /tmp/tmpezqieai3.apktemp.aligned.objection.apk to SAVE_APK in current directory...
      Cleaning up temp files...

    • @mikkun_
      @mikkun_ 8 месяцев назад

      This happened to me as well. I just edited the dex of the apk to avoid checking if it is modified

  • @songlyrics1944
    @songlyrics1944 2 года назад +1

    when i type patch apk etc instead of giving me the error it gave you it said "Failed to determine architecture. Is the device connected or authorized?" what's that mean

    • @songlyrics1944
      @songlyrics1944 2 года назад

      and how do i fix it

    • @CorSecure
      @CorSecure  2 года назад

      @@songlyrics1944 do you have your phone or emulator connected over USB? that error most likely means that it can't find your device with ADB. you need to have USB debugging enabled and have it connected over USB.

    • @deathpoolxrs3494
      @deathpoolxrs3494 2 года назад

      U needed to have adb connect

    • @AndreasWienes
      @AndreasWienes 2 года назад

      You need to use the option -a and giving the architecture as an argument.
      For example
      objection patchapk -s filename.apk -a x86
      or
      objection patchapk -s filename.apk -a x86_64
      The value of the argument depends on the target architecture. For me it is x86_64 since my android emulator used this architecture. Hope that helps you and others that stumble upon the same issue.

  • @sukhwantsingh501
    @sukhwantsingh501 8 месяцев назад

    What alternative is there to prevent ssl bypass

  • @Ronaldo-pg8by
    @Ronaldo-pg8by Год назад

    if I have multiple devices connected to my laptop, how do I determine which device I want to use for objections tools?

    • @CorSecure
      @CorSecure  11 месяцев назад

      I don't have a lot of experience working with multiple devices connected at the same time, but I believe the -S or --serial flag should work for that. You should be able to run adb devices to get the identifier for the device you are working with and then add -S and that identifier to your command.

  • @cim0hamed
    @cim0hamed 2 года назад

    thank you for the video , please keep sharing content

  • @salad7389
    @salad7389 Год назад

    Do you have alternatives for XAPK? It doesnt seem like objection works on xapks

    • @CorSecure
      @CorSecure  Год назад +1

      Most of the apps I work with either come from the Play Store or are provided in APK format, so I don't have a lot of experience working with XAPKs. My best suggestion would be to convert the XAPK to an APK and then proceed with the normal process using that APK.
      I found this website that has some instructions for XAPK conversion:
      openxapkfile.net/convert-xapk-to-apk.html
      And I also found this standalone Python script to convert an XAPK to an APK:
      github.com/LuigiVampa92/xapk-to-apk
      Like I said, I don't have a lot of experience working with XAPKs, so I haven't really looked into either of these methods. These were just some options that came up from some initial research. I may end up making a video about working with XAPKs in the future after I learn more about them.
      I hope this helps!

    • @salad7389
      @salad7389 Год назад

      @@CorSecure Thanks for the reply! I'll try converting to an APK again, I've had difficulty because some apps have really weird xapk setups, but we'll see. Thanks for continuing to make good content!

  • @soeuou
    @soeuou 6 месяцев назад

    Hello, Im having an issue. Whenever I do this the app (Roblox) closes on open.

    • @CorSecure
      @CorSecure  6 месяцев назад

      The app may have some sort of tampering protection in place that prevents tools like Objection and Frida to be used. It may be possible to bypass those types of protections as well, but it would probably take some additional reverse engineering to determine how they were implemented.

  • @nathancooper10
    @nathancooper10 2 года назад

    How are you adding the burp certificate to a non rooted Android phone?

    • @CorSecure
      @CorSecure  2 года назад +3

      there may be a way to do it using objection or frida, but I would patch the apk to allow the app to use user certificates and install the burp cert as a user cert on the device.
      I might actually make another video about how to do that pretty soon.

    • @AndreasWienes
      @AndreasWienes 2 года назад

      You don't need rooted device to install the burp cert. Just copy it to the device and install it in the Android settings like described in this video. ruclips.net/video/CJR_BSIStmE/видео.html

  • @viswasringan9848
    @viswasringan9848 2 года назад +6

    Using objection tool didn't work for me. Instead i used apk-mitm tool and it was way simple.
    Installation : sudo npm install -g apk-mitm
    Command : apk-mitm {name of the apk}
    I have tried with twitter apk and it worked fine.

    • @harshithav6748
      @harshithav6748 Год назад

      Hey is there more tools like this which I can use for multiple ssl bypassing

    • @AlejandroSanchez-ls4hh
      @AlejandroSanchez-ls4hh Год назад

      Thanks! it worked for me after using other version of apk-tools (The default version was causing errors.)

  • @fatiherdogan3838
    @fatiherdogan3838 2 года назад

    I dont know if i did something wrong but objection did not work without frida. So frida needs root and this cant be ssl unpinning without root.

    • @CorSecure
      @CorSecure  2 года назад +1

      frida is a prerequisite for objection and must be installed on your computer, but the frida-server does not need to be installed on the mobile device, which is the part that requires root. in the "patchapk" step you are essentially baking the frida-server into the apk itself.
      at what step is objection failing for you?

    • @fatiherdogan3838
      @fatiherdogan3838 2 года назад

      @@CorSecure After objection explore, I'm getting this error: "Using USB device `xxx`
      Unable to connect to the frida server: need Gadget to attach on jailed Android; its default location is:"

    • @CorSecure
      @CorSecure  2 года назад +1

      @@fatiherdogan3838 did you run the app on the device first? if you try to open the app on the device after it is patched, it should hang like mine did at 10:10. then you can run "objection explore" and the app will continue.

    • @fatiherdogan3838
      @fatiherdogan3838 2 года назад

      @@CorSecure It does not somehow hang and get this error: "Unable to connect to the frida server: need Gadget to attach on jailed Android; its default location is: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\frida\gadget-android-arm64.so". I'm trying with snapchat apk btw

    • @Leadar102
      @Leadar102 2 года назад

      @@CorSecure helloo , me too i was having the same problem its showing i cant connect to the frida server , i will try to run it on a rooted emulator later to find out , btw your content is wayyy cool 😎 keep up

  • @jimgrayson4828
    @jimgrayson4828 Год назад

    Im getting a lot of errors using objection so Im probably going to do a different approach which is garuanteed to work

  • @MustafaAlLawati-b5k
    @MustafaAlLawati-b5k Год назад

    Thanks for Video and you make it easy way

  • @PaPa-wn4pe
    @PaPa-wn4pe 2 года назад

    Can you make a video to do like that but for iphone?

    • @CorSecure
      @CorSecure  2 года назад +1

      I have much more experience with Android than iOS. I'll put it on my list of video ideas though and maybe I will make some videos about iOS as well.

  • @hamdyahmed5742
    @hamdyahmed5742 2 года назад

    very helpful...thanks 🙏

  • @AaqibHussainGhallu
    @AaqibHussainGhallu 2 года назад

    Can You Make A Video On Any Easy Method Without PC

  • @Leadar102
    @Leadar102 2 года назад

    Thanks for sharing this knowledge

  • @praveenprajith1528
    @praveenprajith1528 2 года назад

    facing installation error - > Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES: Failed collecting certificates

    • @CorSecure
      @CorSecure  2 года назад

      I don't believe that I have ever run into that error while using objection, but I found this issue on github that has some potential fixes. I hope that helps.
      github.com/sensepost/objection/issues/498

    • @mohammedeldawody...6165
      @mohammedeldawody...6165 2 года назад

      just disconnect and reconnect your device. should work

  • @azizkouiki
    @azizkouiki 5 месяцев назад

    Respect dude

  • @azizkouiki
    @azizkouiki 5 месяцев назад

    Can you give me your twitch link

    • @CorSecure
      @CorSecure  5 месяцев назад +1

      I would, but I don't actually stream anymore. I prefer just making videos offline.

  • @nishantbhatia55
    @nishantbhatia55 Год назад

    How about I tell you the app on playstore and you ssl bypass the app and provideme ?

  • @iceb0lt586
    @iceb0lt586 2 года назад

    anyone know how to unpin snapchat

  • @giresripaulinmukamfotsing8875
    @giresripaulinmukamfotsing8875 Год назад

    I know i m kind of a bit late for this but I tried to follow your steps, and eventually solved some errors that you mentioned in your video and another bunch which wasn't reported on it, but i m stuck on an error( Unable to find smali file to patch). It popped out after i installed all the requested libraries and launched the patchapk command of objection. Please help me on this.

    • @CorSecure
      @CorSecure  Год назад

      It looks like you are facing the same issue that is mentioned in this thread: github.com/sensepost/objection/issues/332
      I haven't faced this error myself, but according to the response in that thread, the solution is to use the --target-class flag and specify a class. Some more info on using that flag can be found on the wiki here: github.com/sensepost/objection/wiki/Android-APK-Patching#custom-target-classes

    • @giresripaulinmukamfotsing8875
      @giresripaulinmukamfotsing8875 Год назад

      Oh thanks very much, i really appreciate. By the way i love your video

    • @jimgrayson4828
      @jimgrayson4828 Год назад

      The issue I'm facing is probably my fault I actually watched this video yesterday and I came across an issue where I modified aapt files
      this is my error /usr/bin/aapt: error while loading shared libraries: libunwind.so.0: cannot open shared object file: No such file or directory

  • @towatch
    @towatch 7 месяцев назад

    You're awesome

    • @CorSecure
      @CorSecure  7 месяцев назад

      Thanks! :)

    • @misterge3169
      @misterge3169 7 месяцев назад

      Did that work?

    • @towatch
      @towatch 7 месяцев назад +1

      @@misterge3169 unfortunately no. Though everything was successful, the still could not allow me to bypass ssl pinning.

    • @towatch
      @towatch 7 месяцев назад

      i want to mention that objection was not able to bypass SSL pinning in the app i was testing, but with root access and with frida i was able to bypass SSL pinning here is the video from CorSecure ruclips.net/video/BQwyy338Zag/видео.html the frida is what worked for my case.

  • @Innovators-Toolkit
    @Innovators-Toolkit 2 года назад

    😍

  • @shortvideo2457
    @shortvideo2457 6 месяцев назад

    How to contact you brother

  • @for3st945
    @for3st945 Год назад

    It fucking works.

  • @ashsharp1985
    @ashsharp1985 7 месяцев назад

    Can i contact you?

  • @deathpoolxrs3494
    @deathpoolxrs3494 2 года назад

    Error after running objection explore :Unable to connect to the frida server: need Gadget to attach on jailed Android; its default location is: /home/kali/.cache/frida/gadget-android-arm64.so

    • @CorSecure
      @CorSecure  2 года назад

      I have never run into this error before, but I found this issue on github. looks it could possibly be a version mismatch.
      github.com/sensepost/objection/issues/456

    • @deathpoolxrs3494
      @deathpoolxrs3494 2 года назад +1

      Objection -g explore, this fixed my issue

    • @CorSecure
      @CorSecure  2 года назад +1

      @@deathpoolxrs3494 great! I'm glad you were able to figure it out.

  • @project3149
    @project3149 2 года назад

    i get this error
    Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true