00:00 - Introduction, talking about RouterSpace and why we can't just do what we did in that video
01:25 - Installing Genymotion, Virtual Box, and ADB; while talking about why I don't use Android Studio/AVD. Simply because genymotion just works.
02:05 - Make sure you upgrade your memory, processors, and enable Virtualization in your VM Settings!
02:30 - Running Genymotion and starting a Pixel 3 XL
03:37 - Converting BurpSuites Certificate to PEM Format with openssl x509 -inform der -in [name of cert] -out burp.pem
04:20 - Renaming the certificate to 9a5ba575.0, and showing how we got that name
06:00 - Starting the device and showing the certificate authorities
07:00 - Copying the certificate to /system/etc/security/cacerts/, and showing how to remount to rw
08:10 - Showing how to set the proxy through both the GUI and via ADB
09:50 - Installing GAPPS
10:30 - Showing how to unset the proxy from ADB
11:00 - Creating an alias to set and unset the proxy via adb
12:00 - Opening the google play store and logging in and install Wayzn to see if we can intercept traffic
15:20 - Showing we intercepted traffic from Wayzn, then installing Instagram
16:50 - Attempting to login to instagram and getting an error message
17:20 - Setting up Frida both on our computer and android device
19:20 - Showing Frida is working, getting ps output from the android device
19:55 - Downloading the instragram ssl pinning bypass script
21:20 - Using frida to start instagram and loading the script to bypass the SSL Checking
22:15 - Setting the proxy and showing us intercept instagram traffic
cdcurllocalhost:8080/cert-ocert.dersudomvcert.der/usr/share/ca-certificates/BurpSuiteCA.deropensslx509-informder-in/usr/share/ca-certificates/BurpSuiteCA.der-outburp.pemopensslx509-informPEM-subject_hash_old-inburp.pemmvburp.pem9a5ba575.0# Output from above
To start capturing traffic with BurpSuite, set the proxy listener to All interfaces
Set the proxy usage on the device, with the KaliVM IP
adbshellsettingsputglobalhttp_proxy192.168.31.128:8080# Create an alias for set and unset proxyalias adb_set_proxy="adb shell settings put global http_proxy $(ip -o -4 addr show eth1 | awk '{print $4}' | sed 's/\/.*//g'):8080"
alias adb_unset_proxy="adb shell settings put global http_proxy :0"
From Genymotion, click OpenGAPPS to install Gapps on the device and restart the device.
# Disable proxyadb_unset_proxy
Run Play Store on the device and install apps
e.g. - Wayzn, Instagram - in this case
Try to set the proxy, turn BurpSuite intercept on and login into the Wayzn app
adb_set_proxy
Open Instagram and try to login. Unable to log in with proxy set.
# On KaliVMpipxinstallfrida-tools# On deviceadbshelluname-aLinuxlocalhost5.10.101-genymotion+-ab74#1 SMP PREEMPT Thu Dec 1 14:03:02 UTC 2022 x86_64# x86_64 - Download frida-server-16.1.1-android-x86_64.xzexitwgethttps://github.com/frida/frida/releases/download/16.1.1/frida-server-16.1.1-android-x86_64.xz7zxfrida-server-16.1.1-android-x86_64.xzmvfrida-server-16.1.1-android-x86_64frida-serveradbpushfrida-server/data/local/tmp/adbshell"chmod 755 /data/local/tmp/frida-server"adbshell"/data/local/tmp/frida-server &"
Check Frida is working
frida-ps-U# This is device outputPIDName-----------------------------------------------------------------5446GooglePlayStore6085Instagram1960Phone5249Wayzn473adbd1268android.ext.services [...]
Download the Instagram SSL Pinning Bypass script 22:15 - Setting the proxy and showing us intercept instagram traffic
sudo mkdir -p /opt/android/instagram
cd /opt/android/instagram
sudo wget https://raw.githubusercontent.com/Eltion/Instagram-SSL-Pinning-Bypass/main/instagram-ssl-pinning-bypass.js
Force stop Instagram app from App info
Use Frida to start Instagram and load the script to bypass the SSL Checking
