{"id":13844065,"url":"https://github.com/kensh1ro/flutter-ssl-bypass","last_synced_at":"2025-07-11T21:32:51.417Z","repository":{"id":133790453,"uuid":"354774414","full_name":"kensh1ro/flutter-ssl-bypass","owner":"kensh1ro","description":"Flutter SSL pinning bypass using IP forwarding","archived":false,"fork":false,"pushed_at":"2022-06-13T12:30:16.000Z","size":29,"stargazers_count":47,"open_issues_count":0,"forks_count":10,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-08-05T17:40:46.224Z","etag":null,"topics":["burpsuite","bypass","flutter","okhttp3","pinning","proxy","ssl","ssl-bypass","ssl-pinning","xamarain"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kensh1ro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-04-05T08:55:28.000Z","updated_at":"2024-06-20T16:56:59.000Z","dependencies_parsed_at":"2024-02-08T20:59:22.232Z","dependency_job_id":"a9aa77bd-42f2-4fe1-a78d-a472a93ed35d","html_url":"https://github.com/kensh1ro/flutter-ssl-bypass","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kensh1ro%2Fflutter-ssl-bypass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kensh1ro%2Fflutter-ssl-bypass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kensh1ro%2Fflutter-ssl-bypass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kensh1ro%2Fflutter-ssl-bypass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kensh1ro","download_url":"https://codeload.github.com/kensh1ro/flutter-ssl-bypass/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225763235,"owners_count":17520424,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burpsuite","bypass","flutter","okhttp3","pinning","proxy","ssl","ssl-bypass","ssl-pinning","xamarain"],"created_at":"2024-08-04T17:02:33.881Z","updated_at":"2024-11-21T16:30:29.600Z","avatar_url":"https://github.com/kensh1ro.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# flutter-ssl-bypass\n\n### tested on linux and osx\n## i will assume that you already have burp's certificate installed to system CA store, if not then follow along\n\nATTENTION: this needs a rooted device\n\nafter exporting Burp's DER certificate, we need to change it to PEM format, although this isn't necessary, but it seems that Android CA store doesn't like DER format\n\n`openssl x509 -inform der -in $CERT_NAME -out certificate.pem`\n\n`openssl x509 -inform PEM -subject_hash_old -in certificate.pem | head -1` #my output was 9a5ba575\n\nrename \"certificate.pem\" to the above command's output, for example:\n`mv certificate.pem 9a5ba575.0`\n\nnow make sure you have an ADB connection to your device\n\n`adb push 9a5ba575.0 /sdcard`\n\n`adb shell`\n\n`su`\n\n`mount -o rw,remount /system`\n\n`cp /sdcard/9a5ba575.0 /system/etc/security/cacerts`\n\n`chmod 644 /system/etc/security/cacerts/9a5ba575.0`\n\n`chown root:root /system/etc/security/cacerts/9a5ba575.0`\n\nafter that you should REBOOT!\n\n**i will demonstrate by example to make the method easier to apply**\n\nYou will need:\n- Android device (rooted physical phone preferred)\n- a PC with linux installed\n- a brain ;)\n\nlets assume that our android device has the IP address 192.168.1.7\nand linux PC got 192.168.1.9\n\n## 1) **First step is to add the linux PC as a gateway for our Android device**\n\n![image](https://user-images.githubusercontent.com/46089361/115142889-ccde2000-a04c-11eb-859f-9d5501a83f5c.png)\n\n\n## 2) **Second step is to forward http/https traffic to Burp Suite** \nthis step here only differs for osx users\n\n### for linux:\n`iptables -t nat -A PREROUTING -p tcp -j REDIRECT --dport 443 --to-ports 8080`\n\n`sysctl -w net.ipv4.ip_forward=1`\n\nNOTE: you can also add a redirect for port 80 to 8080 by changing `--dport 443` to `--dport 80`\n### for osx:\n`sudo sysctl -w net.inet.ip.forwarding=1`\n\n`echo 'rdr pass inet proto tcp from any to any port {80,443} -\u003e 127.0.0.1 port 8080' \u003e pfctl.txt`\n\n`sudo pfctl -f pfctl.txt -e`\n\n\n\n## 3) **Third step is to let Burp Suite capture the forwarded traffic**\nmake sure to enable invisible proxying\n\n![image](https://user-images.githubusercontent.com/46089361/115143520-868ac000-a050-11eb-9fad-5e3829a1f7da.png)\n\n\nalso you might want to listen on all interfaces, to avoid ip configuration hastle\n\n\n![image](https://user-images.githubusercontent.com/46089361/115143599-0ca70680-a051-11eb-85b8-1eda41c4fce3.png)\n\nat the end it should look something like this (pay attention to the User Agent):\n\n![image](https://user-images.githubusercontent.com/46089361/115143751-dae26f80-a051-11eb-9d25-a74a9219d451.png)\n\n## NOTE: This is applicable on all non-proxy aware libraries (Xamarin, Okhttp3..)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkensh1ro%2Fflutter-ssl-bypass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkensh1ro%2Fflutter-ssl-bypass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkensh1ro%2Fflutter-ssl-bypass/lists"}