Messenger SSL Pinning Bypass
Bypass Messenger SSL pinning on Android devices.
Supported ABIs: arm64-v8a, x86
Latest version: v388.0.0.23.106
If you like this project:
Patched APK (No Root)
Download the latest patched APK:
Run using Frida (Requires Root)
This method requires frida-tools and also frida-server running in the device
frida -U -l .\messenger-ssl-pinning-bypass.js -f com.facebook.orca
Patch APK
You can create your own patched APK.
Requirements Linux (Ubuntu):
- Install java JRE:
sudo apt install default-jre - Install apksigner:
sudo apt install apksigner - Install zipalign:
sudo apt install zipalign
Note: apksigner and zipalign can also be found in android sdk build-tools
Requirements Windows:
- Install java JRE
- Download build-tools and unzip
- Add unzip folder to path variable
Instructions
- Download Messenger apk file.
- Install requirements >
pip install -r requirements.txt - Run script >
python patch_apk.py -i <input apk> -o <output apk>
After that an patched apk file should be generated.
Intercept network traffic
You can use a tool like mitmproxy or Burp Suite to intercept the network.
- Install patched APK in the device
- Install mitmproxy or Burp Suite
- Set up proxy for wifi settings or run:
adb shell settings put global http_proxy <proxy>
Now you should be able to see the network traffic.
View script logs
To view the logcat run:
adb logcat -s "MESSENGER_SSL_PINNING_BYPASS:V"