Bypass SSL Pinning - non-rooted devices

With the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite

With the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious.

In this section, you will find the instructions to automates the entire process of getting an app to work with an HTTPS proxy.

If your device is rooted, you can follow options listed in Bypass SSL Pinning - rooted devices

You have these options in rooted devices:

1. Patch offline the APK using apk-mitm and then install it in a device: Bypass SSL Pinning - Method 1: apk-mitm

2. Use Objection Explore in runtime. When you run the app, it should result in a pause at the application startup screen. At this point, you can connect to a Frida server that should be listening on the device: Bypass SSL Pinning - Method 2: With Objection Explore

3. Use a script with Frida to automate the process of hooking the functions which avoid the interception traffic: Bypass SSL Pinning - Method 3: With root_bypass.js