{"id":6058,"date":"2023-12-08T04:42:57","date_gmt":"2023-12-08T04:42:57","guid":{"rendered":"https:\/\/www.bulwarkers.com\/blogs\/?p=6058"},"modified":"2023-12-08T04:42:59","modified_gmt":"2023-12-08T04:42:59","slug":"android-certificate-pinning-bypass","status":"publish","type":"post","link":"https:\/\/www.bulwarkers.com\/blogs\/android-certificate-pinning-bypass\/","title":{"rendered":"Android Certificate Pinning Bypass"},"content":{"rendered":"\n<p><strong>Summary:-<\/strong><\/p>\n\n\n\n<p>This post shows the technique to bypass the certificate pinning implemented by the xyz android application.<\/p>\n\n\n\n<p><strong>Prerequisites:-<\/strong><\/p>\n\n\n\n<p>This technique has some prerequisites that should be fulfilled before you proceed with the certificate pinning bypass.<\/p>\n\n\n\n<p>1. Android devices with Android version 5.0 and up<br>2. Device should be rooted.<\/p>\n\n\n\n<p><strong>Step to bypass:-<\/strong><\/p>\n\n\n\n<p><strong>Step 1:<\/strong><br>\u2013 Download and install the xposed framework with the following command.<br>$ adb install xposed_v3.1.apk<\/p>\n\n\n\n<p>Now you have the Xposed framework installed on your device.<\/p>\n\n\n\n<p><strong>Step 2:<\/strong><\/p>\n\n\n\n<p>\u2013 Download and install sslunpinning application with the following command.<br>$ adb install sslunpinning.apk<\/p>\n\n\n\n<p>Now you have sslunpinning application installed on your device.<\/p>\n\n\n\n<p><strong>Step 3:<\/strong><\/p>\n\n\n\n<p>\u2013 Open the sslunpinning application and select the\u00a0<em>XYZ<\/em>\u00a0application<\/p>\n\n\n\n<p><strong>Step 4:<\/strong><\/p>\n\n\n\n<p>\u2013 Open the Xposed application. Navigate to \u201cmodule\u201d and enable the SSLUnpinning module.<\/p>\n\n\n\n<p>Now reboot the device to apply the changes.<\/p>\n\n\n\n<p><strong>Step 5:<\/strong><\/p>\n\n\n\n<p>\u2013 Integrate Android devices with Burp Suite Proxy.<br>\u2013 Open the application fill up the login form and click on the \u201cSign In\u201d button.<\/p>\n\n\n\n<p>\u2013 We can see that the request has been intercepted successfully through an SSL pinning bypass.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary:- This post shows the technique to bypass the certificate pinning implemented by the xyz android application. Prerequisites:- This technique has some prerequisites that should be fulfilled before you proceed with the certificate pinning bypass. 1. Android devices with Android version 5.0 and up2. Device should be rooted. Step to bypass:- Step 1:\u2013 Download and install the xposed framework with the following command.$ adb install xposed_v3.1.apk Now you have the Xposed framework installed on your device. Step 2: \u2013 Download and install sslunpinning application with the following command.$ adb install sslunpinning.apk Now you have sslunpinning application installed on your device. Step 3: \u2013 Open the sslunpinning application and select the\u00a0XYZ\u00a0application Step 4: \u2013 Open the Xposed application. Navigate to \u201cmodule\u201d and enable the SSLUnpinning module. Now reboot the device to apply the changes. Step 5: \u2013 Integrate Android devices with Burp Suite Proxy.\u2013 Open the application fill up the login form and click on the \u201cSign In\u201d button. \u2013 We can see that the request has been intercepted successfully through an SSL pinning bypass.<\/p>\n","protected":false},"author":1,"featured_media":6059,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":0,"footnotes":""},"categories":[71],"tags":[],"class_list":["post-6058","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","pmpro-has-access"],"views":5947,"_links":{"self":[{"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/posts\/6058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/comments?post=6058"}],"version-history":[{"count":1,"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/posts\/6058\/revisions"}],"predecessor-version":[{"id":6060,"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/posts\/6058\/revisions\/6060"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/media\/6059"}],"wp:attachment":[{"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/media?parent=6058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/categories?post=6058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bulwarkers.com\/blogs\/wp-json\/wp\/v2\/tags?post=6058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}