mangledbottles
update
A few simple edits made this repo functional again. What did you use to monitor the network requests? I haven't had any luck with Charles. The certificate isn't working for musical.ly
Any chance someone has an apk with ssl pinning removed so I can finish out this repo?
There is Xposed modele called “Inspectage” but it didn’t disable ssl pinning for me - I tried, Musially says that my Internet is slow (ssl pinning error?).
I think that there is only one way: decompile -> force the app to not throw ssl pinning exceptions -> compile -> install and debug with Charles. But I don’t have the APK, so...
Anyone know how to edit Android code? (iOS is native so I think that decompilation is not possible.)
@Enter03 if you visit this URL you can scroll down to "Previous Versions" to download the APK. I've been using 5.7.1 https://musical-ly.en.uptodown.com/android
I will review the pull request soon. Musically API is SSL secured and SSL pinned. I bypassed SSL security with Charles Proxy SSL Certificate and bypassed SSL pinning with repository SSL KillSwitch: https://github.com/nabla-c0d3/ssl-kill-switch2 When substrate is released for iOS 11 I will install SSL KillSwitch and MITM Musically, in the mean time I will see what we can do with what we have!
Login functionality fixed: https://github.com/mangledbottles/Musically-API/commit/d1f2800b5bfc3daeb8839930b507b9e12e0ec714
User search returns "403 Forbidden"
The SSL pinning on Android is happening in the native layer. At least it is for Lively anyway. It's gonna be tricky to disable it but I'll give it a go!
EDIT: Musically (and Lively) are not SSL pinned or secured. I can intercept all requests using a packet capture app on my Android device.
