react-native-ssl-pinning icon indicating copy to clipboard operation
react-native-ssl-pinning copied to clipboard
verified publisher icon MaxToyberman

SSL Pinning is Bypassed through Frida

Open pavan-bora-tudip opened this issue 3 years ago • 3 comments

I am creating an android application which is able to ping the server for certain information and return them. There are a few methods by which a user can bypass the pinned SSL certificate of an android application by using tools like Frida, Objection, etc. Is there a way to prevent the bypass of SSL certificate in android. so that, the user cannot be able to see the traffic? (assume the user phone is rooted)

Package Used: react-native-ssl-pinning

pavan-bora-tudip avatar Nov 17 '22 14:11 pavan-bora-tudip

You can Implement AntiFrida Detection for Android. https://github.com/darvincisec/DetectFrida

chathuralakmal avatar Feb 25 '23 16:02 chathuralakmal

How implement it? There is not any doc to follow, and install it.

RogerBrusamarello avatar Mar 06 '23 13:03 RogerBrusamarello

@RogerBrusamarello Just follow the sample in GitHub. it's an Android Project. you can do the same for your project.

Ex: in Gradle you have to add this code. externalNativeBuild { cmake { path "src/main/c/CMakeLists.txt" version "3.10.2" } }

chathuralakmal avatar Mar 06 '23 14:03 chathuralakmal