Enjoying our content? Subscribe:
iOS SSL Pinning basic bypass with Frida
Almost all modern mobile applications use SSL Pinning for securing communications with the back-end instead of operating system certificate storage. It's a kind of a challenge for security experts who are interested in mobile applications security research or need to perform API penetration testing.
SSL pinning challenge is relevant particularly to iOS because Apple does not provide any official tools, like an emulator, to bypass it. Thus, the researchers must search for devices with outdated iOS versions supported by JailBreaking tools.
It allows us to install additional packages, enabling security researchers to bypass SSL Pinning. Today I'll show you how to perform SSL Pinning bypass on JailBroken devices from Windows host.
SSL pinning challenge is relevant particularly to iOS because Apple does not provide any official tools, like an emulator, to bypass it. Thus, the researchers must search for devices with outdated iOS versions supported by JailBreaking tools.
It allows us to install additional packages, enabling security researchers to bypass SSL Pinning. Today I'll show you how to perform SSL Pinning bypass on JailBroken devices from Windows host.
1. Setup of reverse engineering environment on Windows
Download and install the latest version of Python3.
Add python to the PATH environment variable.
Add python to the PATH environment variable.
Download installation script:
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
Run the following command in the folder where you have downloaded get-pip.py:
python get-pip.py
Also, add pip to the PATH environment variable
Check valid installation
pip help
Optional: Update pip. Option -U means update
pip install -U pip
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
Run the following command in the folder where you have downloaded get-pip.py:
python get-pip.py
Also, add pip to the PATH environment variable
Check valid installation
pip help
Optional: Update pip. Option -U means update
pip install -U pip
Install frida
pip install Frida
Install frida-tools; it's an additional console tool that will help you to use frida
pip install frida-tools
Check installation
frida --version
pip install Frida
Install frida-tools; it's an additional console tool that will help you to use frida
pip install frida-tools
Check installation
frida --version
2. iPhone tuning
Check the actual version of Jailbreak tools and supported iOS version.
After a successful Jailbreak, install the Cydia app.
After a successful Jailbreak, install the Cydia app.
In the Cydia, add Frida's repository by going to:
Manage -> Sources -> Edit -> Add and enter https://build.frida.re.
Now you should be able to install the Frida package. It happens over USB, so you will need to have your USB cable and ensure that it works. Run the next command in Windows:
frida-ps -Uai
If you have received a list of running applications on the iPhone, everything works well.
Here is an output example:
frida-ps -Uai
PID Name Identifier
--- ------------- -----------------------------
512 Clubhouse co.alphaexploration.clubhouse
523 Safari com.apple.mobilesafari
473 Settings com.apple.Preferences
- App Store com.apple.AppStore
- Books com.apple.iBooks
- Calculator com.apple.calculator
- Calendar com.apple.mobilecal
- Camera com.apple.camera
- Clock com.apple.mobiletimer
- Compass com.apple.compass
- Contacts com.apple.MobileAddressBook
- Cydia com.saurik.CydiaSSL Pinning bypass
Manage -> Sources -> Edit -> Add and enter https://build.frida.re.
Now you should be able to install the Frida package. It happens over USB, so you will need to have your USB cable and ensure that it works. Run the next command in Windows:
frida-ps -Uai
If you have received a list of running applications on the iPhone, everything works well.
Here is an output example:
frida-ps -Uai
PID Name Identifier
--- ------------- -----------------------------
512 Clubhouse co.alphaexploration.clubhouse
523 Safari com.apple.mobilesafari
473 Settings com.apple.Preferences
- App Store com.apple.AppStore
- Books com.apple.iBooks
- Calculator com.apple.calculator
- Calendar com.apple.mobilecal
- Camera com.apple.camera
- Clock com.apple.mobiletimer
- Compass com.apple.compass
- Contacts com.apple.MobileAddressBook
- Cydia com.saurik.CydiaSSL Pinning bypass
3. Perform iOS SSL Pinning Bypass
We suggest you to use a script available on codeshare.Frida.re, which allows bypass automatically most common SSL Pinning mechanisms. You can run the next command and observe results:
frida --codeshare federicodotta/ios13-pinning-bypass -f co.alphaexploration.clubhouse -U --no-pause
Here is an explanation of each parameter:
Want to check the same guide for Android? Check it here - SSL pinning bypass for Android.
Want to cut the corner and get your app tested by proven experts? Here's our Mobile penetration testing service or hire us right now :)
frida --codeshare federicodotta/ios13-pinning-bypass -f co.alphaexploration.clubhouse -U --no-pause
Here is an explanation of each parameter:
- codeshare federicodotta/ios13-pinning-bypass - means that frida has to load the next script from the codeshare.frida.re and inject it.
- co.alphaexploration.clubhouse - points to the identifier of application in which will be injected script
- U - a parameter that points Frida to use USB connected device as a target.
- no-pause - a parameter that forces Frida not to pause app execution after spawning and injecting the code.
Want to check the same guide for Android? Check it here - SSL pinning bypass for Android.
Want to cut the corner and get your app tested by proven experts? Here's our Mobile penetration testing service or hire us right now :)
Sergey Khariuk
Cyberlands, Co-founder & chief technical officer