Script to automate an SSL/certificate pinning bypass on Android
See also: bypassing certificate pinning with Frida.re
{ Update: It did not work
Could not proceed further at java -jar /home/dal/Descargas/Android-CertKiller-master/dependency/apktool.jar b -f base. Raise a ticket=> https://github.com/51j0/Android-CertKiller/issues/new
On a non-rooted device.
https://github.com/51j0/Android-CertKiller
This Python script can extract the APK from an installed Android app, decompile it,
make it debuggable, add a new network security config that allows user certificates,
build and sign the new APK, and install the new APK with the SSL bypass.
}
Bypassing the Network Security Configuration
From Android 7.0 (API level 24) onwards, the network security configuration lets apps customize their network security settings by declaring which CA certificates the app trusts.
Another way: (Update: it did not work)
What to do if the Wi-Fi we need for testing has client isolation?
You can configure the proxy on your Android device to point to 127.0.0.1:8080, connect your phone via USB to your host computer, and use adb to set up reverse port forwarding:
$ adb reverse tcp:8080 tcp:8080
Once you have done this, all proxy traffic on your Android phone will go to port 8080 on 127.0.0.1 and be redirected via adb to 127.0.0.1:8080 on your host computer, where you will now see the traffic in Burp. With this trick you can test and intercept traffic even on Wi-Fi networks that have client isolation.
On a rooted device:
Manually adding the Proxy's certificate among system trusted CAs
