@goncalor
Last active December 12, 2023 14:15
How to install Xposed and JustTrustMe in a VM to defeat certificate pinning

Installing Xposed & JustTrustMe in a VM

Prerequisites

  • Download an x86 Android image (32 bits)
  • Download the XposedInstaller APK (see at bottom of original post)
  • Download the Xposed framework for SDK27 (Android 8.1)

Installing Android into a VM

VirtualBox is assumed.

  1. Create a new machine with Type Linux and Version Linux ... 4.x (32-bit)
  2. Configure System > Pointing Device to use PS/2 Mouse
  3. Configure Network > Attached to to Bridged Adapter
  4. Proceed with the installation (no Google Account needed)

Installing Xposed

  1. Enable Android Developer Options (Settings > System > About tablet and press Build number seven times)

  2. Extract the Xposed framework ZIP file. You will have a system and a META-INF directory

  3. Find the IP of the VM. A quick way to do it might be to nmap <subnet>/24 -T5 -p5555 --open

  4. Connect to the IP of the VM (adb connect <ip>)

  5. Push the system directory (adb push system /sdcard)

  6. Push the files in META-INF/com/google/android/ (adb push META-INF/com/google/android/* /sdcard)

  7. Get a shell in the Android VM (adb shell)

  8. Escalate with su and cd /sdcard

  9. Run sh flash-script.sh and you should get something like this

     x86:/sdcard # sh flash-script.sh
     ************************************
      Xposed Framework installer zip
     ************************************
     - Mounting /system and /vendor read-write
     - Checking environment
       Xposed version:  90-beta3
       Android version: 8.1 / SDK27
       Platform:        x86
     - Placing files
     - Done

     ************************************
     The first boot will take longer than
     usual, please wait a few minutes.
     ************************************

  10. Run reboot to restart the VM

  11. Install XposedInstaller (adb install XposedInstaller_x.y.z.apk)

  12. Reboot

  13. Open XposedInstaller and validate it's green and says Xposed is active

  14. That's it!

Installing JustTrustMe

Installing Xposed modules is simple: just download and install the module's APK.

  1. Download the JustTrustMe.apk
  2. Install the APK (adb install ./JustTrustMe.apk)
  3. Check that JustTrustMe appears under Xposed's modules
  4. Activate JustTrustMe by checking its checkbox
  5. Reboot for the activation to take effect

Forwarding requests to a proxy

To MITM the requests using a transparent proxy such as OWASP ZAP or Burp, open a shell, escalate with su and add the following iptables rules:

iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 80 -j DNAT --to <proxy_ip>:<proxy_port>
iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 443 -j DNAT --to <proxy_ip>:<proxy_port>

Now if you open the application you wish to MITM you should see its traffic passing through the proxy.
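As an added example (not part of the original gist), the following POSIX shell script wraps the two DNAT rules above so they can be added without duplicates and removed cleanly: each rule is checked with iptables -C before it is appended or deleted, which is what makes re-running the script safe. The interface name eth0, the sample proxy address 10.0.0.5:8080 and the fake_iptables stand-in (an in-memory stub so the logic can be exercised outside the VM without root) are constructed assumptions; inside the VM, run it as root from the adb shell and leave IPTABLES unset so the real binary is used.

```shell
#!/bin/sh
# Added example, not from the original gist: manage the gist's two DNAT rules as
# a pair. Run as root inside the VM (adb shell, then su). Constructed
# assumptions: interface eth0 and the sample proxy 10.0.0.5:8080 used below.

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=fake_iptables to exercise the logic offline
IFACE="${IFACE:-eth0}"

# Print the rule specification for one destination port. The same words are
# passed to -A (append), -C (check) and -D (delete), so all three stay in sync.
rule_spec() {
    # $1 = destination port (80 or 443), $2 = proxy ip, $3 = proxy port
    printf '%s' "OUTPUT -o $IFACE -p tcp --dport $1 -j DNAT --to $2:$3"
}

# Append both rules, skipping any that already exists (-C exits 0 on a match),
# so running "add" twice does not stack duplicate rules in the nat table.
proxy_rules_add() {
    for port in 80 443; do
        spec=$(rule_spec "$port" "$1" "$2")
        if ! $IPTABLES -t nat -C $spec 2>/dev/null; then
            $IPTABLES -t nat -A $spec
        fi
    done
}

# Delete both rules. -D removes one matching rule per call, so loop until -C
# no longer finds one; this also cleans up duplicates that were added by hand.
proxy_rules_del() {
    for port in 80 443; do
        spec=$(rule_spec "$port" "$1" "$2")
        while $IPTABLES -t nat -C $spec 2>/dev/null; do
            $IPTABLES -t nat -D $spec
        done
    done
}

# Report how many of the two rules are currently installed (0, 1 or 2).
proxy_rules_count() {
    n=0
    for port in 80 443; do
        if $IPTABLES -t nat -C $(rule_spec "$port" "$1" "$2") 2>/dev/null; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed stand-in for iptables so the functions above can be tested on a
# machine without root or a nat table. Rules are kept in a "|rule|rule|" string;
# only the -A, -C and -D verbs used above are understood.
FAKE_RULES="|"
fake_iptables() {
    op=$3; shift 3; rule="$*"
    case "$op" in
        -A) FAKE_RULES="${FAKE_RULES}${rule}|" ;;
        -C) case "$FAKE_RULES" in *"|${rule}|"*) return 0 ;; *) return 1 ;; esac ;;
        -D) FAKE_RULES=$(printf '%s' "$FAKE_RULES" | sed "s#|${rule}|#|#") ;;
        *)  echo "fake_iptables: unsupported verb $op" >&2; return 2 ;;
    esac
}

case "${1:-}" in
    add)    proxy_rules_add "$2" "$3" ;;
    del)    proxy_rules_del "$2" "$3" ;;
    status) proxy_rules_count "$2" "$3" ;;
    *)      echo "usage: $0 add|del|status <proxy_ip> <proxy_port>" ;;
esac
```

The rules live only in the kernel's nat table, so they disappear when the VM reboots and must be re-added afterwards; the proxy on the other end must accept transparent (client-unaware) connections, as the section above assumes. The status verb reports how many of the two rules are installed, which is a quick way to tell whether traffic is still being diverted when an app suddenly loses connectivity.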

Don't let the screen turn off

settings put global stay_on_while_plugged_in 7
@hxp-plus

Download the Xposed framework for SDK27 (Android 8.1)
The download link is broken.
It should be https://dl-xda.xposed.info/framework/sdk27/x86/ for now.

@goncalor
Author

Fixed. Thanks!

@clight917

Android 7.1 cannot install!

@LittleLama

LittleLama commented Jul 22, 2021

Hi and many thanks for this. It's very clear.
Though I got some problems with the internet connection since I ran the iptables command. I'd rather configure a proxy (I think) from the Wifi parameters. I tried to but can't google from chrome (for example).
How to revert/erase the iptables command please?
iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 80 -j DNAT --to <proxy_ip>:<proxy_port>
iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 443 -j DNAT --to <proxy_ip>:<proxy_port>

@goncalor
Author

Hi @LittleLama. Just give exactly the same command but substitute -A (append) for -D (delete). You can list the NAT rules with iptables -t nat -L.
Thank you for the feedback :)

@kshnkvn

kshnkvn commented Mar 22, 2023

I can't open https://dl-xda.xposed.info/framework/sdk27/x86/
Can someone give me direct link to download framework?

@CMHWDev

CMHWDev commented Aug 10, 2023

I can't open https://dl-xda.xposed.info/framework/sdk27/x86/ Can someone give me direct link to download framework?

I get the same issue. I think the link doesn't work anymore

@Ben-Pilias

I can't open https://dl-xda.xposed.info/framework/sdk27/x86/ Can someone give me a direct link to download the framework?

Try https://archive.org/download/xposed-sdk25
