
Disabling SSL Pinning in Android Apps using Frida / Objection


First, we check whether SSL pinning is enabled in the target Android app by opening the app. We can see that there is an error during communication between the mobile client and the server.

SSL Pinning is enabled in the app

Step 1: Start the Frida server on the Android device

adb shell "/data/local/tmp/frida-server &"

Step 2: Run Objection on the target application

objection -g sg.parking.streetsmart explore -q

Step 3: Run the command to disable SSL Pinning in the Android app

android sslpinning disable

Console showing that the method for certificate pinning is bypassed.

Now we can read the request made by the app.

No more SSL error message

Killing Frida-Server

If you encounter an error and need to restart frida-server, you can kill the frida-server process with the following commands:

adb shell
ps -e | grep frida-server
kill -9 <pid of the frida-server>

Unable to find executable
