Skip to content

Instantly share code, notes, and snippets.

@aancw
Last active August 26, 2022 18:35
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save aancw/3c834d4cd09ac6e249c1603332ba5bb3 to your computer and use it in GitHub Desktop.
Save aancw/3c834d4cd09ac6e249c1603332ba5bb3 to your computer and use it in GitHub Desktop.
Debugging OkHTTP bypass for objection
Java.perform(function () {
const UnverifiedCertError = Java.use('javax.net.ssl.SSLPeerUnverifiedException');
UnverifiedCertError.$init.implementation = function (str) {
const stackTrace = Java.use('java.lang.Thread').currentThread().getStackTrace();
const exceptionStackIndex = stackTrace.findIndex(stack =>
stack.getClassName() === "javax.net.ssl.SSLPeerUnverifiedException"
);
const callingFunctionStack = stackTrace[exceptionStackIndex + 1];
const className = callingFunctionStack.getClassName();
const methodName = callingFunctionStack.getMethodName();
console.log(` =================`);
console.log(` Debugging Stack Trace for SSLPeerUnverifiedException`);
console.log(` Thrown by ${className}->${methodName}`);
};
try {
// Bypass OkHTTPv3 {4}
const okhttp3_Activity_4 = Java.use('okhttp3.CertificatePinner');
okhttp3_Activity_4.check$okhttp.overload('java.lang.String', 'kotlin.jvm.functions.Function0').implementation = function(a, b) {
console.log(' --> Bypassing OkHTTPv3 ($okhttp): ' + a);
return;
};
console.log('[+] OkHTTPv3 ($okhttp)');
} catch (err) {
console.log('[ ] OkHTTPv3 ($okhttp)');
}
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment