blog
Setup

Setup

Banking Apps

https://markuta.com/magisk-root-detection-banking-apps/ (opens in a new tab)

SSL Unpinning with frida

https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/ (opens in a new tab)

frida -U -l sslpinning.js — no-paus -f package

Intercepting applcation traffic in Burp

  • CPU-Z
  1. Connect Android device.
  2. Start Burp and set proxy to listen on all interfaces at 8080.
  3. Manual proxy in Android's WIFI settings.
  4. Download the CA certificate from http://burp/ (opens in a new tab).
  5. Install the certificate in settings.

Bypassing SSL Pinning

  • needs root, magisk, lsposed
  • Modules -> RootCloak, SSL Pinning Bypass, Trust Me, SSLUnpinning
RegexSmali