/Facebook-SSL-Pinning-Bypass

Bypass Facebook SSL pinning on Android devices.

Primary LanguageJavaScriptGNU General Public License v3.0GPL-3.0

Facebook SSL Pinning Bypass

Bypass Facebook SSL pinning on Android devices.
Supported ABIs: x86, x86_64, armeabi-v7a, arm64-v8a
Latest version: v417.0.0.33.65

If you like this project:
"Buy Me A Coffee"

Bitcoin: bc1q6kvvun3cfm5kadesxflntszp8z9lqesra35law
Ethereum: 0x47633Ef59b0F765b7f8047b0A56230cfeBB34027

Patched APK (No Root)

facebook-v417.0.0.33.65-x86.apk

facebook-v417.0.0.33.65-armeabi-v7a.apk

facebook-v417.0.0.33.65-arm64-v8a.apk

See all versions

Note: You need to uninstall the Facebook app before trying to install it, if Facebook is installed as a system app then you can not uninstall it without root so this method will not work in that case.

Run using Frida (Requires Root)

This method requires frida-tools and also frida-server running in the device

frida -U -l .\facebook-ssl-pinning-bypass.js -f com.facebook.katana --no-pause

Intercept network traffic

You can use a tool like mitmproxy or Burp Suite to intercept the network.

  1. Install patched APK in the device
  2. Install mitmproxy or Burp Suite
  3. Set up proxy for wifi settings or run: adb shell settings put global http_proxy <proxy>

Now you should be able to see the network traffic.

View script logs

To view the logcat run:

adb logcat -s "FACEBOOK_SSL_PINNING_BYPASS:V"

#leftenter ftenter)