Instagram-SSL-Pinning-Bypass icon indicating copy to clipboard operation
Instagram-SSL-Pinning-Bypass copied to clipboard

Published 20 hours ago verified publisher icon Eltion

[BUG] Does not Work

Open Hammad69275 opened this issue 1 year ago • 7 comments

Describe the bug
I have installed the patch apk but burp is still showing this unknown_ca error.

Method
Patched APK

App info

  • Version: instagram-v256.0.0.18.105
  • Arch: armeabi-v7a

Device info

  • Model: Infinix X657B
  • Android Version: 13
  • Lineage OS GSI

Proxy tool burp: v2023.6.2.0

Logs image

Additional context My phone is a rooted infinix with lineage os 20 gsi running. I have tried using burp without installing the ca certificate, installing it as a user certificate and also installing it as a system certificate but none of these methods have worked for me.

Hammad69275 avatar Jul 05 '23 17:07 Hammad69275

I've tried both the apk and the frida script and nothing works. Instagram login gets stuck on loading. Maybe its some new pinning technique because I see many other videos where chrome works with burp but is completely failing now

Scylla2020 avatar Jul 09 '23 12:07 Scylla2020

Can you show the logs from the script, it's working for me . image

Eltion avatar Jul 18 '23 02:07 Eltion

Can you show the logs from the script, it's working for me .

image

Does it keep working as you continue clicking around after logging in, viewing followers, doing search etc? For me sometimes it seemed to print some calls before login then afterwards always nothing registers

Scylla2020 avatar Jul 18 '23 03:07 Scylla2020

That is because the application is using HTTP/3. There is an issue about this and a workaround. Check this issue: https://github.com/Eltion/Instagram-SSL-Pinning-Bypass/issues/19

Eltion avatar Jul 18 '23 04:07 Eltion

Unfortunately disabling udp terminates the connection to the app and everything freezes. Im using genymotion on windows and it fails to boot the emulator if the udp is disabled(except port 53). Tried the patched apk and same issues. It fails to login even without proxy, and also freezes after disabling udp. So does it work for you even now, after following the steps in that other issue?

Scylla2020 avatar Jul 18 '23 10:07 Scylla2020

Can you try running the patched apk on an actual device? it still doesnt work for me and all it prints is that it failed to negotiate tls connection due to bad certificate in burp

Hammad69275 avatar Jul 18 '23 15:07 Hammad69275

Hello, I'm starting in this world of research, could you guide me where I can find quality content like the one I'm reading. Areas I'm willing to explore and gain knowledge are APK reverse engineering, network protocol interception and vulnerability analysis.

In advance, I thank everyone involved.

Pugn0 avatar Jul 18 '23 17:07 Pugn0