SSLUnpinning_Xposed

by ac-pm

Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).

465 Stars 84 Forks Last release: Not found GNU General Public License v2.0 17 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Attention: I'm working in a new suite of tools that include SSLUnpinning feature and many, many others! Look here -> https://github.com/ac-pm/Inspeckage

SSLUnpinning - Xposed Module

Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).

Description

If you need to intercept the traffic from an app which uses certificate pinning, with a tool like Burp Proxy, the SSLUnpinning will help you with this hard work! The SSLUnpinning through Xposed Framework, makes several hooks in SSL classes to bypass the certificate verifications for one specific app, then you can intercept all your traffic.

API

Java Secure Socket Extension (JSSE) - javax.net.ssl.*

APACHE - org.apache.http.conn.ssl.*

OKHTTP - okhttp3.*

Usage

  • install Xposed in your device (root access on Android 5.1 or later); http://repo.xposed.info/module/de.robv.android.xposed.installer
  • Download the APK available here https://github.com/ac-pm/SSLUnpinning_Xposed or clone the project and compile;
  • Install mobi.acpm.sslunpinning_latest.apk on a device with Xposed:

    adb install mobi.acpm.sslunpinning_latest.apk
    
  • SSLUnpinning will list the applications to choose from which will be unpinned;

  • Ok! Now you can intercept all traffic from the chosen app.

Download

Get it from Xposed repo: http://repo.xposed.info/module/mobi.acpm.sslunpinning

How to uninstall

    adb uninstall mobi.acpm.sslunpinning

Screenshots

License

See ./LICENSE.

Author

ACPM

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.