Does this work with cert pinning on Android? I was only ever able to bypass that by rooting my device and installing an Xposed module to bypass the pin check.
httptoolkit is the best software on the market: it works so easily and can bypass cert pinning.
Here are the steps:
Download the Frida script from the httptoolkit server and the binary from the Frida GitHub repo, and download the httptoolkit app on Android. Here are my notes.
```
# Copy the server to the device
adb push ./frida-server-$version-android-$arch /data/local/tmp/frida-server
# ^Change this to match the name of the binary you just extracted
# Enable root access to the device
adb root
# Make the server binary executable
adb shell "chmod 755 /data/local/tmp/frida-server"
# Start the server on your device
adb shell "/data/local/tmp/frida-server &"
```
In short, most of the time you need to either:
- Connect an Android emulator or a rooted device to ADB, in which case HTTP Toolkit can do totally automated setup for you.
- Use a non-rooted device, and make some minor config changes to the target application (trivial if it's your own application, slightly more difficult if it's not).
That handles 99% of Android apps, which usually don't actually pin certificates - they generally rely on Android's built-in non-modifiable system certificate store instead.
Lots more detail on how this all works here: https://httptoolkit.tech/blog/intercepting-android-https/
For apps that really do manually pin certificates, I've also written a general purpose Frida script that covers most cases out of the box. There's a full guide with more detail here: https://httptoolkit.tech/blog/frida-certificate-pinning/. And if even that doesn't work, I've also written a "reverse engineering an Android app from scratch so you can write your own Frida script" guide here: https://httptoolkit.tech/blog/android-reverse-engineering/