frida-interception-and-unpinning icon indicating copy to clipboard operation
frida-interception-and-unpinning copied to clipboard

Published 20 hours ago verified publisher icon httptoolkit

OkHostnameVerifier

Open kaerbannog opened this issue 1 year ago • 3 comments

a missing case for ssl pinning that could help other :

Java.perform(function () {
  var OkHostnameVerifier = Java.use('com.android.okhttp.internal.tls.OkHostnameVerifier');

  // Hook de la méthode verify
  OkHostnameVerifier.verify.overload('java.lang.String', 'javax.net.ssl.SSLSession').implementation = function (hostname, session) {
      // Affichez les paramètres en rouge dans la console
      console.log("\x1b[31m[Hooked OkHostnameVerifier.verify]");
      console.log("\x1b[31mHostname: \x1b[0m" + hostname);
      console.log("\x1b[31mSSLSession: \x1b[0m" + session);
      var result = this.verify(hostname, session);
      console.log("\x1b[31mResult: \x1b[0m" + result);
      return true;
  };
});

Hope that can help other. BTW, thanks for your amazing work.

kaerbannog avatar Nov 03 '23 13:11 kaerbannog