frida-interception-and-unpinning

Encountering SSLPeerUnverifiedException

Open gWcyWoo opened this issue 4 months ago • 0 comments

Hi everyone,

I'm encountering an SSLPeerUnverifiedException when executing the command. Additionally, Charles Proxy isn't capturing any data from the client.

I've tried configuring PROXY_HOST with both my actual proxy address and localhost (127.0.0.1) along with setting up port forwarding using 'adb reverse tcp:8000 tcp:8888'. However, both attempts failed - the SSL pinning bypass isn't working, and Charles isn't capturing any client data.

Could anyone help me identify what I'm doing wrong? Thanks in advance!

(im-frida) ➜ frida-interception-and-unpinning git:(main) ✗ frida -U -l ./config.js -l ./native-connect-hook.js -l ./native-tls-hook.js -l ./android/android-proxy-override.js -l ./android/android-system-certificate-injection.js -l ./android/android-certificate-unpinning.js -l ./android/android-certificate-unpinning-fallback.js -f com.wixo.android.music
     ____
    / _  |   Frida 16.5.6 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Pixel 5 (id=11151FDD400352)
Spawning com.wixo.android.music...

*** Starting scripts ***
== Redirecting all TCP connections to 127.0.0.1:8000 ==
[+] Patched 2 libssl.so verification methods
== Hooked native TLS lib libssl.so ==
Spawned com.wixo.android.music. Resuming main thread!
[Pixel 5::com.wixo.android.music ]-> SOCK_TYPE: unix:dgram
Ignoring unix:dgram connection
== Proxy system configuration overridden to 127.0.0.1:8000 ==
Rewriting <class: sun.net.spi.DefaultProxySelector>
Rewriting <class: java.net.ProxySelector>
Rewriting <class: android.net.PacProxySelector>
== Proxy configuration overridden to 127.0.0.1:8000 ==
[+] Injected cert into com.android.org.conscrypt.TrustedCertificateIndex
[ ] Skipped cert injection for org.conscrypt.TrustedCertificateIndex (not present)
[ ] Skipped cert injection for org.apache.harmony.xnet.provider.jsse.TrustedCertificateIndex (not present)
== System certificate trust injected ==

=== Disabling all recognized unpinning libraries ===

[+] javax.net.ssl.HttpsURLConnection setDefaultHostnameVerifier
[+] javax.net.ssl.HttpsURLConnection setSSLSocketFactory
[+] javax.net.ssl.HttpsURLConnection setHostnameVerifier
[+] javax.net.ssl.SSLContext init(KeyManager;[], TrustManager;[], SecureRandom)
[ ] com.android.org.conscrypt.CertPinManager isChainValid
[+] com.android.org.conscrypt.CertPinManager checkChainPinning
[+] android.security.net.config.NetworkSecurityConfig $init() (0)
[+] android.security.net.config.NetworkSecurityConfig $init() (1)
[+] com.android.okhttp.internal.tls.OkHostnameVerifier verify(String, SSLSession)
[+] com.android.okhttp.Address $init(String, int, Dns, SocketFactory, SSLSocketFactory, HostnameVerifier, CertificatePinner, Authenticator, Proxy, List, List, ProxySelector)
[ ] com.android.okhttp.Address $init(String, int, SocketFactory, SSLSocketFactory, HostnameVerifier, CertificatePinner, Authenticator, Proxy, List, List, ProxySelector)
[ ] okhttp3.CertificatePinner *
[ ] com.squareup.okhttp.CertificatePinner *
[ ] com.datatheorem.android.trustkit.pinning.PinningTrustManager *
[ ] appcelerator.https.PinningTrustManager *
[ ] nl.xservices.plugins.sslCertificateChecker *
[ ] com.worklight.wlclient.api.WLClient *
[ ] com.worklight.wlclient.certificatepinning.HostNameVerifierWithCertificatePinning *
[ ] com.worklight.androidgap.plugin.WLCertificatePinningPlugin *
[ ] com.commonsware.cwac.netsecurity.conscrypt.CertPinManager *
[ ] io.netty.handler.ssl.util.FingerprintTrustManagerFactory *
[ ] com.silkimen.cordovahttp.CordovaServerTrust *
[ ] com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyHostnameVerifier *
[ ] com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyInterceptor *
[ ] com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyTrustManager *
== Certificate unpinning completed ==
== Unpinning fallback auto-patcher installed ==
*** Scripts completed ***

Ignoring attempt to override http.proxyHost system property
Ignoring attempt to override https.proxyHost system property
Ignoring attempt to override http.proxyPort system property
Ignoring attempt to override https.proxyPort system property
Ignoring attempt to override http.nonProxyHosts system property
Ignoring attempt to override https.nonProxyHosts system property
=> android.security.net.config.NetworkSecurityConfig $init() (0)
=> android.security.net.config.NetworkSecurityConfig $init() (0)
SOCK_TYPE: unix:stream
Ignoring unix:stream connection
SOCK_TYPE: unix:stream
Ignoring unix:stream connection
SOCK_TYPE: unix:stream
Ignoring unix:stream connection
=> com.android.okhttp.Address $init(String, int, Dns, SocketFactory, SSLSocketFactory, HostnameVerifier, CertificatePinner, Authenticator, Proxy, List, List, ProxySelector)
SOCK_TYPE: tcp6
Port: 8000
SOCK_TYPE: unix:stream
Ignoring unix:stream connection
SOCK_TYPE: unix:stream
Ignoring unix:stream connection
Connected tcp6 fd 90 to {"ip":"::ffff:127.0.0.1","port":8000} (-1)
SOCK_TYPE: unix:stream
Ignoring unix:stream connection
SOCK_TYPE: unix:stream
Ignoring unix:stream connection
=> javax.net.ssl.SSLContext init(KeyManager;[], TrustManager;[], SecureRandom)
=> javax.net.ssl.SSLContext init(KeyManager;[], TrustManager;[], SecureRandom)
=> javax.net.ssl.SSLContext init(KeyManager;[], TrustManager;[], SecureRandom)
=> javax.net.ssl.SSLContext init(KeyManager;[], TrustManager;[], SecureRandom)
=> javax.net.ssl.SSLContext init(KeyManager;[], TrustManager;[], SecureRandom)
SOCK_TYPE: unix:stream
Ignoring unix:stream connection

!!! --- Unexpected TLS failure --- !!!
SSLPeerUnverifiedException: No peer certificates
Thrown by com.android.org.conscrypt.ActiveSession->checkPeerCertificatesPresent
[ ] Unrecognized TLS error - this must be patched manually
=> com.android.okhttp.internal.tls.OkHostnameVerifier verify(String, SSLSession)

gWcyWoo • Oct 25 '24 08:10