Skip to content

Instantly share code, notes, and snippets.

@liamcottle
Last active March 5, 2024 10:23
Show Gist options
  • Save liamcottle/e64b9aadd30eea0702391fba93b0994c to your computer and use it in GitHub Desktop.
Save liamcottle/e64b9aadd30eea0702391fba93b0994c to your computer and use it in GitHub Desktop.
Disable SSL Pinning on Instagram for Android

Disable SSL Pinning on Instagram for Android

Create the file /data/data/com.instagram.android/shared_prefs/devprefs.xml and add the following content. (You will need root access to modify it)

<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="debug_allow_user_certs_ttl">1557909551442:86400000</string>
    <boolean name="debug_allow_user_certs" value="true" />
    <boolean name="debug_disable_liger_fizz" value="true" />
</map>

Options

debug_allow_user_certs_ttl

Format: enabled_at_timestamp_in_millis:expires_in_millis

The value of debug_allow_user_certs_ttl is the timestamp in milliseconds that this setting was enabled as well as how many milliseconds until it will automatically be disabled. The default expires_in_millis is 1 day.

Update this value to the current timestamp and change the end value to something higher.

debug_allow_user_certs

This setting allows user certificates that are installed on the device.

debug_disable_liger_fizz

This setting disables TLSv1.3, which is required if you use proxies such as Charles, which don't support it.

Other Info

Facebook introduced Whitehat settings allowing security researchers easier access to "analyze mobile traffic to and from your own device for Whitehat bug bounty purposes".

@polatdev
Copy link

On which versions does this method work?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment