{"id":13538409,"url":"https://github.com/wooyundota/droidsslunpinning","last_synced_at":"2025-04-02T05:31:14.479Z","repository":{"id":32411004,"uuid":"35987887","full_name":"WooyunDota/DroidSSLUnpinning","owner":"WooyunDota","description":"Android certificate pinning disable tools","archived":false,"fork":false,"pushed_at":"2020-04-07T05:38:52.000Z","size":1857,"stargazers_count":1403,"open_issues_count":4,"forks_count":347,"subscribers_count":35,"default_branch":"master","last_synced_at":"2025-03-13T14:37:01.143Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/WooyunDota.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-05-21T03:06:01.000Z","updated_at":"2025-03-11T10:13:00.000Z","dependencies_parsed_at":"2022-07-19T12:59:10.315Z","dependency_job_id":null,"html_url":"https://github.com/WooyunDota/DroidSSLUnpinning","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WooyunDota%2FDroidSSLUnpinning","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WooyunDota%2FDroidSSLUnpinning/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WooyunDota%2FDroidSSLUnpinning/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WooyunDota%2FDroidSSLUnpinning/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/WooyunDota","download_url":"https://codeload.github.com/WooyunDota/DroidSSLUnpinning/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246763805,"owners_count":20829795,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:11.553Z","updated_at":"2025-04-02T05:31:14.207Z","avatar_url":"https://github.com/WooyunDota.png","language":"JavaScript","funding_links":[],"categories":["\u003ca id=\"06fccfcc4faa7da54d572c10ef29b42e\"\u003e\u003c/a\u003e移动\u0026\u0026Mobile","\u003ca id=\"2110ded2aa5637fa933cc674bc33bf21\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"fe88ee8c0df10870b44c2dedcd86d3d3\"\u003e\u003c/a\u003eAndroid","\u003ca id=\"63fd2c592145914e99f837cecdc5a67c\"\u003e\u003c/a\u003e新添加的1"],"readme":"# 安卓证书锁定解除的工具\n\n**经常有朋友问我,手机安装代理证书后这个app的https流量依然抓不到明文包该如何操作,这种情况基本是遇到证书锁定了,分享下我的操作.**\n\n- [x] 目录ObjectionUnpinningPlus增加了ObjectionUnpinning没覆盖到的锁定场景.([objection](https://github.com/sensepost/objection))\n\t- 使用方法1 attach : frida -U com.example.mennomorsink.webviewtest2 --no-pause -l hooks.js\n\t- 使用方法2 spawn : frida -U -f com.example.mennomorsink.webviewtest2 -l hooks.js --no-pause\n\t- 更为详细使用方法:参考我的文章 [Frida.Android.Practice(ssl unpinning)](https://github.com/WooyunDota/DroidDrops/blob/master/2018/Frida.Android.Practice.md) 实战ssl pinning bypass 章节 .\n- [x] ObjectionUnpinningPlus hook list:\n\t- SSLcontext(ART only)\n\t- okhttp\n\t- webview\n\t- XUtils(ART only)\n\t- httpclientandroidlib\n\t- JSSE\n\t- network\\_security\\_config (android 7.0+)\n\t- Apache Http client (support partly)\n\t- OpenSSLSocketImpl\n\t- TrustKit\n\t- Cronet\n- [x] 若有没有覆盖到的场景可以联系我微博https://weibo.com/luoding1991.\n- [x] 如遇双向锁定即客户端锁定后服务端也对客户端证书验证checkClientTrusted,还需将证书文件导入代理软件,可能会有密码但必然会存在客户端中.\n- [x] xposed版本直接使用 https://github.com/Fuzion24/JustTrustMe 建议自己编译.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwooyundota%2Fdroidsslunpinning","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwooyundota%2Fdroidsslunpinning","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwooyundota%2Fdroidsslunpinning/lists"}