SSL Pinning

Frida

• Frida Mobile Interception Scripts (HTTP Toolkit)

Objection

android sslpinning disable

Flutter

ProxyDroid + Frida

• Burp Suite -> Proxy -> Proxy settings -> Proxy listeners -> Edit

  • Bind to port: 8080

  • Bind to address: All interfaces

  • Request handling -> Support invisible proxying

• ProxyDroid

  • Host: IP Burp Suite

  • Port: 8080

  • Proxy Type: HTTP

  • Global Proxy: on / activated

• disable-flutter-tls.js

frida -U -f <app-package-name> -l disable-flutter-tls.js
frida -H <device-IP-address> -f <app-package-name> -l disable-flutter-tls.js

reFlutter

• Burp Suite -> Proxy -> Proxy settings -> Proxy listeners -> Edit

  • Bind to port: 8083

  • Bind to address: Specific address

  • Request handling -> Support invisible proxying

• reFlutter

reflutter application.apk
java -jar uber-apk-signer.jar --allowResign -a release.RE.apk
adb install release.RE-aligned-debugSigned.apk