Bypass all connections handshake without the script
Closed this issue · 2 comments
Hi there,
I was doing a little test of your application and I found that I was able to get the Flutter application's communication (http/https/DIO) working without running the Frida script.
I have already patched the engine with the "reflutter project" patches (the hook is done in session_verify(), not in ssl_verify_peer_cert()).
Any idea of what could be happening?
Thanks in advance :)
Hi there,
I was testing your POC application and I verified that for HTTPS and pinning (DIO) connections, the app is reaching the session_verify() function, so I am not able to find a case where the patch in session_verify() would not cover the pinning connection.
Would it be possible to share the original app for which you found that the patch/hook in cert_verify was needed?
Thanks in advance
Fernando
Well, it makes sense that if you use reflutter on your app, you won't need this Frida script, as they do similar things.
The app that made me change the approach was one that isn't available publicly. It used some kind of hook to implement custom SSL pinning though.