Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Frida "Universal" SSL Unpinner
Java.perform(function () {
console.log('\n[.] Cert Pinning Bypass');
var X509TrustManager = Java.use('');
var SSLContext = Java.use('');
console.log('[+] Creating a TrustyTrustManager that trusts everything...');
// Create a TrustManager that trusts everything
var TrustyTrustManager = Java.registerClass({
name: 'com.example.TrustyTrustManager',
implements: [X509TrustManager],
methods: {
checkClientTrusted: function (chain, authType) {},
checkServerTrusted: function (chain, authType) {},
getAcceptedIssuers: function () {
return [];
console.log('[+] Our TrustyTrustManagers is ready, ...');
console.log('[+] Hijacking SSLContext methods now...');
console.log('[-] Waiting for the app to invoke SSLContext.init()...');
SSLContext.init.overload('[;', '[;', '').implementation = function (a, b, c) {
console.log('[o] App invoked SSLContext.init()...');
SSLContext.init.overload('[;', '[;', '').call(this, a, [TrustyTrustManager.$new()], c);
console.log('[+] SSLContext initialized with our custom TrustManager!');
// TrustManagerImpl
var TrustManagerImpl = Java.use('');
try {
TrustManagerImpl.verifyChain.implementation = function (untrustedChain, trustAnchorChain, host, clientAuth, ocspData, tlsSctData) {
console.log('[+] Intercepted TrustManagerImpl for host: ' + host);
return untrustedChain;
console.log('[+] Setup TrustManagerImpl pinning');
} catch (err) {
console.log('[!] Unable to hook into TrustManagerImpl')
var TrustManagerImpl = Java.use('');
var Arrays = Java.use('java.util.Arrays');
TrustManagerImpl.checkTrusted.overload('[;', 'java.lang.String', 'java.lang.String', 'boolean').implementation = function(chain, type, host, b) {
console.log('Ignoring trust check for host: ' + host);
return Arrays.asList(chain);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment