无法绕过ssl pinning
ZhouZiyi1 opened this issue · comments
Jeremy (Zhou Ziyi) commented
类似issue #38,我显示的结果如下。但是我在app的代码里,没看到org.chromium.net.AndroidNetworkLibrary这个类,frida直接hook也显示这个类不存在。请问这种情况是什么原因,怎么hook呢?谢谢。
2022-08-17 15:11:30.854 | INFO | __main__:on_message:222 - SSLpinning position locator => /system/etc/security/cacerts aec28df6.0
2022-08-17 15:11:30.855 | INFO | __main__:on_message:223 - java.lang.Throwable
at java.io.File.<init>(Native Method)
at android.security.net.config.DirectoryCertificateSource.findCerts(DirectoryCertificateSource.java:144)
at android.security.net.config.DirectoryCertificateSource.findAllByIssuerAndSignature(DirectoryCertificateSource.java:115)
at android.security.net.config.SystemCertificateSource.findAllByIssuerAndSignature(SystemCertificateSource.java:27)
at android.security.net.config.CertificatesEntryRef.findAllCertificatesByIssuerAndSignature(CertificatesEntryRef.java:65)
at android.security.net.config.NetworkSecurityConfig.findAllCertificatesByIssuerAndSignature(NetworkSecurityConfig.java:146)
at android.security.net.config.TrustedCertificateStoreAdapter.findAllIssuers(TrustedCertificateStoreAdapter.java:46)
at com.android.org.conscrypt.TrustManagerImpl.findAllTrustAnchorsByIssuerAndSignature(TrustManagerImpl.java:936)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:560)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:507)
at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:335)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:113)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:133)
at java.lang.reflect.Method.invoke(Native Method)
at android.net.http.X509TrustManagerExtensions.checkServerTrusted(X509TrustManagerExtensions.java:101)
at dh.a(:com.google.android.gms.dynamite_cronetdynamite@221215065@22.12.15 (100400-0):1)
at di.b(:com.google.android.gms.dynamite_cronetdynamite@221215065@22.12.15 (100400-0):18)
at org.chromium.net.AndroidNetworkLibrary.verifyServerCertificates(:com.google.android.gms.dynamite_cronetdynamite@221215065@22.12.15 (100400-0):1)
Jeremy (Zhou Ziyi) commented
Frida 指定classloader hook动态加载的类
参考:https://blog.csdn.net/qq_39441603/article/details/126732909