/* Another universal ssl certificate pinning bypass script for Android by M

1. /* Another universal ssl certificate pinning bypass script for Android
2. by Maurizio Siddu
3.  
4. Run with:
5. frida -U -f [APP_ID] -l frida_universal_pinning_bypasser.js --no-pause
6. */
7.  
8. setTimeout(function() {
9. Java.perform(function() {
10. console.log('')
11. console.log('======')
12. console.log('[#] Android Universal Certificate Pinning Bypasser [#]')
13. console.log('======')
14.  
15. // TrustManagerImpl Certificate Pinning Bypass
16. try {
17. var array_list = Java.use('java.util.ArrayList');
18. var custom_TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl');
19.  
20. //custom_TrustManagerImpl.checkTrustedRecursive.implementation = function(untrustedChain, trustAnchorChain, host, clientAuth, ocspData, tlsSctData) {
21. custom_TrustManagerImpl.checkTrustedRecursive.implementation = function(a, b, c, d, e, f, g, h) {
22. //if host:
23. console.log('[+] Bypassing TrustManagerImpl pinner for: ' + b + '...');
24. //else:
25. // console.log('[+] Bypassing TrustManagerImpl pinner...');
26. var fakeTrusted = array_list.$new();
27. return fakeTrusted;
28. }
29. } catch (err) {
30. console.log('[-] TrustManagerImpl pinner not found');
31. }
32.  
33.  
34. // OpenSSLSocketImpl Certificate Pinning Bypass
35. try {
36. var custom_OpenSSLSocketImpl = Java.use('com.android.org.conscrypt.OpenSSLSocketImpl');
37. custom_OpenSSLSocketImpl.verifyCertificateChain.implementation = function (g, i) {
38. console.log('[+] Bypassing OpenSSLSocketImpl pinner...');
39. }
40. } catch (err) {
41. console.log('[-] OpenSSLSocketImpl pinner not found');
42. }
43.  
44. });
45. },0);