Bypass restrictions with FRIDA

I recommend reading this post first:

First, we need to install FRIDA with

    pip install frida-tools

Now we need to know the architecture of our Android device:

    adb shell

If you have more than one device, select it with the -s option:

    adb -s <genymotion-device-ip>:5555 shell

Then, with

    uname -a

we get the architecture of our device.

In this case it is x86_64:

Linux localhost 5.10.101-genymotion+-ab74 #1 SMP PREEMPT Thu Dec 1 14:03:02 UTC 2022 x86_64

We need to know this because we'll download the frida-server build that matches our Android device's architecture.

In this case, we will download frida-server-16.1.8-android-x86_64.xz to our host machine.

Then, extract the file with

    7z x frida-server-16.1.8-android-x86_64.xz

This gives us the file frida-server-16.1.8-android-x86_64.

Rename the file:

    mv frida-server-16.1.8-android-x86_64 frida-server

Now push this file to our Android device:

    adb -s 192.168.56.102:5555 push frida-server /data/local/tmp/

frida-server needs to be executable:

    adb -s 192.168.56.102:5555 shell "chmod 755 /data/local/tmp/frida-server"

Then start it in the background:

    adb -s 192.168.56.102:5555 shell "/data/local/tmp/frida-server &"

On our host (attacker) machine we can now use the frida-* tools.
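The steps above (detect the architecture, pick the matching frida-server build, push it, make it executable, start it and verify with frida-ps) can be wrapped in a small POSIX shell script. This is an added example and not part of the original post or of the Frida project: the architecture-to-asset-name mapping follows the frida-server release naming used above (frida-server-<version>-android-<arch>.xz), the device serial and paths are the ones used in the post, the GitHub release URL pattern and the default FRIDA_VERSION of 16.1.8 are assumptions, and any unrecognised `uname -m` value is reported instead of guessed.

```shell
#!/bin/sh
# Added example (not from the original post or the Frida project).
# Automates the frida-server deployment procedure described above.

# Map the machine string printed by `uname -m` on the device to the
# architecture suffix used in frida-server release file names.
# Prints the suffix, or returns 1 if the value is not recognised.
frida_arch_for_machine() {
    case "$1" in
        x86_64)              echo "x86_64" ;;
        i386|i486|i586|i686) echo "x86" ;;
        aarch64|arm64)       echo "arm64" ;;
        armv7l|armv8l|arm)   echo "arm" ;;
        *)                   return 1 ;;
    esac
}

# Scan a full `uname -a` line (like the one shown in the post) and
# return the first field that maps to a known frida-server arch.
frida_arch_from_uname() {
    for word in $1; do
        if arch=$(frida_arch_for_machine "$word"); then
            echo "$arch"
            return 0
        fi
    done
    return 1
}

# Build the release asset name, e.g. frida-server-16.1.8-android-x86_64.xz
frida_server_asset() {
    echo "frida-server-$1-android-$2.xz"
}

# Push and start frida-server on the device identified by $1 (adb serial,
# e.g. 192.168.56.102:5555). $2 is the Frida version (assumed default 16.1.8).
deploy_frida_server() {
    serial="$1"
    version="${2:-16.1.8}"

    # adb shell output carries a trailing CR on some setups; strip it.
    machine=$(adb -s "$serial" shell uname -m | tr -d '\r')
    arch=$(frida_arch_for_machine "$machine") || {
        echo "unsupported device architecture: $machine" >&2
        return 1
    }
    asset=$(frida_server_asset "$version" "$arch")

    # Assumed release URL layout of the frida GitHub project.
    [ -f "$asset" ] || wget "https://github.com/frida/frida/releases/download/$version/$asset"
    7z x -y "$asset"
    mv "frida-server-$version-android-$arch" frida-server

    adb -s "$serial" push frida-server /data/local/tmp/
    adb -s "$serial" shell "chmod 755 /data/local/tmp/frida-server"
    adb -s "$serial" shell "/data/local/tmp/frida-server &"

    # Same check as in the post: frida-ps must list the device's processes.
    if frida-ps -U >/dev/null; then
        echo "frida-server $version ($arch) is running on $serial"
    else
        echo "frida-server started but frida-ps -U failed" >&2
        return 1
    fi
}
```

Source the file and call `deploy_frida_server 192.168.56.102:5555` from the directory where you want the frida-server binary to live; the mapping functions can also be used on their own to work out which release asset to download for a device you already have a `uname -a` line for.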

With our Genymotion device running and the proxy set, we download Instagram from the Play Store.

Then we try to log in with fake credentials:

Notice that Instagram blocks the login because it detects the proxy interception. So here is a script to bypass this restriction.

But first we need to check that Frida is working.

While frida-server is running in the background, open another terminal and run a command such as

    frida-ps -U

Frida is working, so here is the script:

Download the instagram-ssl-pinning-bypass.js file to our working directory. Before running it, close the Instagram app.

    wget https://raw.githubusercontent.com/Eltion/Instagram-SSL-Pinning-Bypass/main/instagram-ssl-pinning-bypass.js

Force stop the Instagram app.

Now we can run the following command:

    frida -U -l ./instagram-ssl-pinning-bypass.js -f com.instagram.android

Instagram will be spawned on our Genymotion Android device:

Remember to keep the proxy enabled so we can intercept the traffic.

Notice that we no longer get the same error, just a wrong-password message. So the bypass succeeded.

Now we can intercept Instagram app traffic!

I hope you found it useful (:
