Bypass restrictions with FRIDA

I recommend reading this post first:

First, we need to install FRIDA with

					pip install frida-tools

Now, we need to know the architecture of our Android device:

					adb shell

If you have more than one device, you can run this command:

					adb -s <genymotion-device-ip>:5555 shell

And, with

					uname -a

We get the architecture of our device.

In this case, x86_64

Linux localhost 5.10.101-genymotion+-ab74 #1 SMP PREEMPT Thu Dec 1 14:03:02 UTC 2022 x86_64

We need to know that because we'll download the frida-server build that matches our Android device's architecture.

In this case, we will download frida-server-16.1.8-android-x86_64.xz to our host machine.

Then, decompress the file with

					7z x frida-server-16.1.8-android-x86_64.xz

We get the file frida-server-16.1.8-android-x86_64

Rename the file

					mv frida-server-16.1.8-android-x86_64 frida-server

And now we will push this file to our Android device:

					adb -s <device-serial> push frida-server /data/local/tmp/

We need frida-server to be executable:

					adb -s <device-serial> shell "chmod 755 /data/local/tmp/frida-server"

Then, execute it in the background:

					adb -s <device-serial> shell "/data/local/tmp/frida-server &"

And on our attacker machine we can run the frida-* suite.
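The set-up steps above, automated as one script. This is an added example, not code from the original post: it assumes adb, 7z and curl are on the PATH, that the device serial (if needed) is passed in the DEVICE variable, and that frida-server release assets are fetched from the frida GitHub releases page using its conventional asset naming. It also generalises the post's x86_64 case by mapping the other `uname -m` values an Android kernel reports to the suffix frida uses for its builds, so the same script works on arm, arm64 and x86 devices.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed tools: adb, 7z, curl, frida-tools.
# Set DEVICE to an adb serial (for example <device-ip>:5555) when more than one device is attached.

FRIDA_VERSION="${FRIDA_VERSION:-16.1.8}"
DEVICE="${DEVICE:-}"

# adb wrapper: adds -s only when a serial was given.
adb_dev() {
    if [ -n "$DEVICE" ]; then adb -s "$DEVICE" "$@"; else adb "$@"; fi
}

# Map the kernel machine string from `uname -m` to the suffix used in
# frida-server asset names. Fails on an architecture frida does not ship.
frida_arch_suffix() {
    case "$1" in
        x86_64)        echo x86_64 ;;
        i686|i386)     echo x86 ;;
        aarch64|arm64) echo arm64 ;;
        armv7l|armv8l) echo arm ;;   # 32-bit ARM userland
        *) echo "unsupported architecture: $1" >&2; return 1 ;;
    esac
}

# Compressed asset name, e.g. frida-server-16.1.8-android-x86_64.xz
frida_server_asset() {
    echo "frida-server-$1-android-$2.xz"
}

# Download URL for an asset (assumption: GitHub releases layout of the frida project).
frida_server_url() {
    echo "https://github.com/frida/frida/releases/download/$1/$2"
}

# The full procedure: detect arch, fetch, unpack, push, chmod, start, verify.
deploy_frida_server() {
    machine=$(adb_dev shell uname -m | tr -d '\r')
    suffix=$(frida_arch_suffix "$machine") || return 1
    asset=$(frida_server_asset "$FRIDA_VERSION" "$suffix")

    # Only download if we do not already have the archive locally.
    [ -f "$asset" ] || curl -fL -o "$asset" "$(frida_server_url "$FRIDA_VERSION" "$asset")"
    7z x -y "$asset" >/dev/null
    mv "${asset%.xz}" frida-server

    adb_dev push frida-server /data/local/tmp/
    adb_dev shell chmod 755 /data/local/tmp/frida-server
    # Detach so the adb shell returns; frida-server's output goes to a log on the device.
    adb_dev shell "nohup /data/local/tmp/frida-server >/data/local/tmp/frida-server.log 2>&1 &"
    sleep 2

    # frida-ps -U only succeeds when the USB/adb-attached frida-server answers.
    frida-ps -U >/dev/null && echo "frida-server $FRIDA_VERSION ($suffix) is up"
}

# Run the deployment only when explicitly requested, so the helpers can be sourced.
if [ "${RUN_DEPLOY:-0}" = 1 ]; then
    deploy_frida_server
fi
```

Usage: `RUN_DEPLOY=1 DEVICE=<device-ip>:5555 sh deploy-frida.sh`. The version of frida-server pushed to the device must match the frida-tools version installed on the host, otherwise `frida-ps -U` reports a protocol mismatch; pinning both to the same `FRIDA_VERSION` avoids that.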

With our Genymotion device running and the proxy set, we download Instagram from the Play Store.

And we try to log in with fake credentials:

Notice that Instagram blocks the login because the proxy interception is detected. So, here is a script to bypass this restriction.

But first we need to check that Frida is working.

While frida-server is running in the background, open another terminal and run a command such as

					frida-ps -U

Frida is working, so here is the script:

Download the instagram-ssl-pinning-bypass.js file to our working directory, but first, close the Instagram app.

Force stop Instagram App

Now we can execute the following command:

					frida -U -l ./instagram-ssl-pinning-bypass.js -f <package-name>

And on our Genymotion Android device Instagram will be launched:

Remember to keep the proxy enabled, so we can intercept the traffic.

Notice that now we don't get the same error, just a wrong-password message. So, the bypass succeeded.

Now we can intercept Instagram app traffic!

I hope you found it useful (:
