
In a previous article we learned how to perform a MitM attack on a mobile app that doesn't employ certificate pinning as a mechanism for preventing such attacks. Today I will show how to use the Frida instrumentation framework to hook into the mobile app at runtime and instrument its code in order to perform a successful MitM attack even when the mobile app has implemented certificate pinning.

How is this approach different from the previous one? Previously we used the ShipFast app with the build variant that doesn't have certificate pinning enabled, but in this approach we will use the build variant with certificate pinning enabled via the network security config file. Therefore the app will not trust user-provided certificates, or the certificates in the Android OS (operating system) trusted system store. Since the APK is not the same as in the previous article, you will need to follow the instructions to download the APK for the certificate pinning variant. To distinguish it from the previous build variant, the user interface of the certificate pinning variant uses a different color, but the user experience is the same. The setup for the MitM attack is the same, but it has some additional steps to install and set up Frida in order to bypass certificate pinning.
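The page refers to certificate pinning "enabled via the network security config file" but does not show that file. The following is an added illustration of what such a declaration looks like on Android; it is not ShipFast's own configuration, and the hostname, expiration date and pin digests are placeholders that must be replaced with the real SPKI hashes of the server's certificate chain.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (illustrative example, not the ShipFast file) -->
<network-security-config>
    <!-- Refuse plaintext HTTP everywhere unless a domain-config says otherwise. -->
    <base-config cleartextTrafficPermitted="false" />

    <domain-config>
        <!-- Placeholder API host; includeSubdomains covers e.g. api.example.com -->
        <domain includeSubdomains="true">example.com</domain>

        <!-- Pins are base64 SHA-256 digests of the SubjectPublicKeyInfo (SPKI).
             After the expiration date pinning is no longer enforced, which
             avoids bricking the app if a rotation is missed. Both values below
             are placeholders. -->
        <pin-set expiration="2030-01-01">
            <!-- Pin of the currently deployed leaf or intermediate key (placeholder) -->
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <!-- Backup pin for a key held offline, so rotation does not lock users out (placeholder) -->
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>

        <!-- Only the system store is trusted, and only chains that also match a pin.
             User-installed CAs (the usual way a proxy CA is added) are not listed,
             so they are rejected for this domain. -->
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
</network-security-config>
```

The file is activated by pointing `android:networkSecurityConfig="@xml/network_security_config"` at it on the `<application>` element in `AndroidManifest.xml`. Two points matter for a defender reading this alongside the article: first, the pin-set restricts which chains the platform's TLS stack accepts, which is why a proxy's user-installed CA no longer works against this build variant; second, that check runs inside the app's own process, so on a device where the attacker controls the runtime, instrumentation can override it, which is precisely what the rest of the article demonstrates. Pinning therefore raises the cost of interception but is not by itself a control against a hostile device.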
