# SSL Pinning

## Frida

* [Frida Mobile Interception Scripts (HTTP Toolkit)](https://github.com/httptoolkit/frida-interception-and-unpinning)

## Objection

```shell
android sslpinning disable
```

## Flutter

### ProxyDroid + Frida

* Burp Suite -> Proxy -> Proxy settings -> Proxy listeners -> Edit
  * Bind to port: 8080
  * Bind to address: All interfaces
  * Request handling -> Support invisible proxying

<figure><img src="https://4246376570-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMoluillTs3tmwBLdFuL%2Fuploads%2FIU5Dh5GNyZha0CjQwUjI%2Fburp-suite-edit-proxy-listener-binding.png?alt=media&#x26;token=6f0466ce-0bdb-44ad-a44a-100f9a870ba9" alt=""><figcaption></figcaption></figure>

<figure><img src="https://4246376570-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMoluillTs3tmwBLdFuL%2Fuploads%2FYGVIvsqqwK8zqwf3qAyI%2Fburp-suite-edit-proxy-listener-request-handling.png?alt=media&#x26;token=08636112-6e7c-46c1-94ec-15b075b665c2" alt=""><figcaption><p>Activar opción "Support invisible proxying"</p></figcaption></figure>

* [ProxyDroid](https://play.google.com/store/apps/details?id=org.proxydroid)
  * Host: IP Burp Suite
  * Port: 8080
  * Proxy Type: HTTP
  * Global Proxy: on / activated
* [disable-flutter-tls.js](https://github.com/NVISOsecurity/disable-flutter-tls-verification/blob/main/disable-flutter-tls.js)

```sh
frida -U -f <app-package-name> -l disable-flutter-tls.js
frida -H <device-IP-address> -f <app-package-name> -l disable-flutter-tls.js
```

### reFlutter

* Burp Suite -> Proxy -> Proxy settings -> Proxy listeners -> Edit
  * Bind to port: 8083
  * Bind to address: Specific address
  * Request handling -> Support invisible proxying

<figure><img src="https://4246376570-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMoluillTs3tmwBLdFuL%2Fuploads%2FCPPybuSDSduxIfJorsRd%2Fburp-suite-edit-proxy-listener-binding-specific-address.png?alt=media&#x26;token=4b13c463-53b2-4356-95df-e7ce3cc2be76" alt=""><figcaption></figcaption></figure>

<figure><img src="https://4246376570-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwMoluillTs3tmwBLdFuL%2Fuploads%2FYGVIvsqqwK8zqwf3qAyI%2Fburp-suite-edit-proxy-listener-request-handling.png?alt=media&#x26;token=08636112-6e7c-46c1-94ec-15b075b665c2" alt=""><figcaption><p>Activar opción "Support invisible proxying"</p></figcaption></figure>

* [reFlutter](https://github.com/Impact-I/reFlutter)

```sh
reflutter application.apk
java -jar uber-apk-signer.jar --allowResign -a release.RE.apk
adb install release.RE-aligned-debugSigned.apk
```