Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/culturally/instagram-ios-ssl-pinning-bypass

iOS Instagram with SSL pinning / certificate pinning bypassed. Latest version 354.0.0
https://github.com/culturally/instagram-ios-ssl-pinning-bypass

bypass certificate-pinning frida frida-script instagram instagram-api instagram-bypass instagram-ios instagram-ssl-pinning intercept intercept-traffic-instagram ios jailbreak jailbreak-script mitmproxy no sniffing ssl-pinning

Last synced: about 2 months ago
JSON representation

iOS Instagram with SSL pinning / certificate pinning bypassed. Latest version 354.0.0

Host: GitHub
URL: https://github.com/culturally/instagram-ios-ssl-pinning-bypass
Owner: culturally
Created: 2024-03-25T20:42:33.000Z (10 months ago)
Default Branch: main
Last Pushed: 2024-11-16T22:40:53.000Z (2 months ago)
Last Synced: 2024-11-16T23:22:06.313Z (2 months ago)
Topics: bypass, certificate-pinning, frida, frida-script, instagram, instagram-api, instagram-bypass, instagram-ios, instagram-ssl-pinning, intercept, intercept-traffic-instagram, ios, jailbreak, jailbreak-script, mitmproxy, no, sniffing, ssl-pinning
Homepage:
Size: 422 KB
Stars: 18
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Instagram

Instagram iOS with SSL pinning bypassed / Instagram with certificate pinning bypassed.

Get your private api endpoints now! 

- DO NOT NEED JAILBREAK 

- DO NOT NEED FRIDA

## Support Me

**Bitcoin:** 1LightUfhnFKgZqcsfiKoxciQbPB384PqM   

**Solana:** 4a91vFCz8SjnqWiJpFuLWwWFpWdT9dZq13hG4o8icv2n   

**Litecoin:** MFi28zedB78kaNiRpi9eBkFRTtGZNoxcWv   

## Info

- Current version which was bypassed: 351.0.0

- You can now intercept all requests

- iOS Only

- Tested on iOS 15.4.1

- Any support is appreciated

 

## Installation

1. Download the IPA file

2. Sideload the file (I personally suggest [Sideloadly](https://sideloadly.io/) or [TrollStore](https://github.com/opa334/TrollStore))

3. Set up the proxy before starting the app (Was tested only with mitmproxy)

4. Intercept

## Crashing Issue

- Many people experienced crashing after login this is caused somehow by sideloading you have to sideload it using TrollStore to stop the crashing

## Bypassed:

| Icon | Bundle ID | Version | File Type | Download |

| ------------------ |:------:|:------:|:------:|:------:|

| | [com.burbn.instagram](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/354.0.0/Instagram354.0.0.ipa) | 354.0.0 | IPA | [Click here](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/354.0.0/Instagram354.0.0.ipa) |

| | [com.burbn.instagram](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/351.0.0/Instagram351.0.0.ipa) | 351.0.0 | IPA | [Click here](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/351.0.0/Instagram351.0.0.ipa) |

| | [com.burbn.instagram](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/337.0.2/Instagram337.0.2.ipa) | 337.0.2 | IPA | [Click here](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/337.0.2/Instagram337.0.2.ipa) |

| | [com.burbn.instagram](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/335.0.8/Instagram335.0.8.ipa) | 335.0.8 | IPA | [Click here](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/335.0.8/Instagram335.0.8.ipa) |

| | [com.burbn.instagram](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/323.0.3/Instagram323.0.3.ipa) | 323.0.3 | IPA | [Click here](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/releases/download/323.0.3/Instagram323.0.3.ipa) |

## Wanna learn how to bypass SSL pinning in apps or Do you have custom request for an App?

Message me on Telegram: [@undecryptable](https://t.me/undecryptable)

Other apps available

## Evidence

![](https://github.com/culturally/Instagram-iOS-SSL-pinning-bypass/blob/main/ev.jpg)

## What is SSL pinning?

SSL pinning, also known as certificate pinning or public key pinning, is a security mechanism used in digital communication to enhance the security of a connection, particularly within the context of Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS).

When a client (such as a web browser or a mobile app) connects to a server over HTTPS, the server presents its SSL/TLS certificate to prove its identity. Normally, the client verifies the server's certificate by checking if it is signed by a trusted Certificate Authority (CA). However, SSL pinning adds an extra layer of security by requiring the client to validate the server's certificate against a known, pre-configured set of certificates or public keys, rather than solely relying on the CA's trust chain.

## Disclaimer

This project is for educational purposes only. It demonstrates bypassing SSL pinning in binaries, such as those used by Instagram/Meta, to help developers and researchers understand security vulnerabilities.

There is no intent to harm, exploit, or encourage illegal activities. If Instagram/Meta or any other party has concerns, please contact me at [email protected], and I will address the issue or take down the project as requested.

Use of this project is at your own risk; the creator is not responsible for any misuse.