Cyberlands.io - API Penetration Testing

iOS SSL Pinning basic bypass with Frida

Almost all modern mobile applications use SSL pinning to secure communication with the back end instead of relying on the operating system's certificate store. This is a challenge for security researchers who study mobile application security or need to perform API penetration testing.

The SSL pinning challenge is particularly relevant to iOS because Apple does not provide any official tools, such as an emulator, to bypass it. Researchers therefore have to find devices running outdated iOS versions that jailbreak tools support.

A jailbreak allows us to install additional packages, which is what enables security researchers to bypass SSL pinning. Today I'll show you how to perform an SSL pinning bypass on a jailbroken device from a Windows host.

1. Setup of reverse engineering environment on Windows

Install python3
Download and install the latest version of Python3.

Add python to the PATH environment variable.

Install pip
Download the installation script:

curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

Run the following command in the folder where you have downloaded get-pip.py:

python get-pip.py


Also, add pip to the PATH environment variable.


Check that the installation is valid:

pip help


Optional: update pip. The -U option (--upgrade) means update:

pip install -U pip


Install Frida
Install frida:

pip install frida


Install frida-tools, the additional console tools that help you use Frida:

pip install frida-tools


Check the installation:

frida --version


2. iPhone tuning

Perform Jailbreak
Check the current version of the jailbreak tools and the iOS versions they support.

After a successful jailbreak, install the Cydia app.

Install Frida
In Cydia, add Frida's repository by going to:

Manage -> Sources -> Edit -> Add and enter https://build.frida.re.


Now you should be able to install the Frida package. The connection to the device goes over USB, so you will need your USB cable and must ensure that it works. Run the following command on Windows:

frida-ps -Uai


If you have received a list of running applications on the iPhone, everything works well.
Here is an output example:

frida-ps -Uai
PID  Name           Identifier
---  -------------  -----------------------------
512  Clubhouse      co.alphaexploration.clubhouse
523  Safari         com.apple.mobilesafari
473  Settings       com.apple.Preferences
  -  App Store      com.apple.AppStore
  -  Books          com.apple.iBooks
  -  Calculator     com.apple.calculator
  -  Calendar       com.apple.mobilecal
  -  Camera         com.apple.camera
  -  Clock          com.apple.mobiletimer
  -  Compass        com.apple.compass
  -  Contacts       com.apple.MobileAddressBook
  -  Cydia          com.saurik.Cydia
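
A pre-flight check for the step above, as an added example that is not part of the original article: it parses the frida-ps -Uai table and reports whether the app under test is running, installed but not running, or missing on the connected device. The function names and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample in the column-aligned layout of the listing above
# (a subset of its rows); not captured from a real device.
SAMPLE = """\
PID  Name           Identifier
---  -------------  -----------------------------
512  Clubhouse      co.alphaexploration.clubhouse
523  Safari         com.apple.mobilesafari
  -  App Store      com.apple.AppStore
  -  Cydia          com.saurik.Cydia
"""

def parse_frida_ps(text):
    """Return [{'pid': int|None, 'name': str, 'identifier': str}, ...]."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    # The dashed ruler gives the column offsets, so app names that contain
    # spaces ("App Store") are not split.
    ruler = next((i for i, ln in enumerate(lines)
                  if re.fullmatch(r"-+(\s+-+)+", ln.strip())), None)
    if ruler is None:
        raise ValueError("no column ruler found: not a frida-ps table")
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler])]
    if len(starts) != 3:
        raise ValueError("expected PID, Name and Identifier columns")
    apps = []
    for ln in lines[ruler + 1:]:
        pid = ln[starts[0]:starts[1]].strip()
        apps.append({
            "pid": int(pid) if pid.isdigit() else None,  # "-" = not running
            "name": ln[starts[1]:starts[2]].strip(),
            "identifier": ln[starts[2]:].strip(),
        })
    return apps

def target_state(apps, identifier):
    """'running', 'installed' (not running) or 'missing' for a bundle id."""
    for app in apps:
        if app["identifier"] == identifier:
            return "running" if app["pid"] is not None else "installed"
    return "missing"

if __name__ == "__main__":
    apps = parse_frida_ps(SAMPLE)
    for ident in ("co.alphaexploration.clubhouse", "com.saurik.Cydia",
                  "com.example.absent"):  # last id is a made-up placeholder
        print(ident, "->", target_state(apps, ident))
```

To use it on real output, pass the captured text of frida-ps -Uai to parse_frida_ps instead of SAMPLE.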


3. Perform iOS SSL Pinning Bypass

We suggest using a script available on codeshare.frida.re that automatically bypasses the most common SSL pinning mechanisms. Run the following command and observe the results:

frida --codeshare federicodotta/ios13-pinning-bypass -f co.alphaexploration.clubhouse -U --no-pause


Here is an explanation of each parameter:

  • --codeshare federicodotta/ios13-pinning-bypass - tells Frida to load this script from codeshare.frida.re and inject it.
  • -f co.alphaexploration.clubhouse - the identifier of the application into which the script will be injected.
  • -U - tells Frida to use the USB-connected device as the target.
  • --no-pause - forces Frida not to pause app execution after spawning the app and injecting the code.


Sergey Khariuk
Cyberlands, Co-founder & chief technical officer