I have an issue where our Info Sec team can bypass my SSL certificate pinning using Frida and Objection. I attached the SSL certificate when calling the API with Retrofit, and I also added certificate validation in my code. Please provide a solution so that no one can bypass my certificate. When the Info Sec team runs the application for the first time, they get a certificate validation error; after that they run a Frida or Objection script, bypass the certificate, easily log in to the application, and start receiving the API responses. Here is my code:
/**
 * Provides the application's singleton [OkHttpClient].
 *
 * Starts from the pinned-trust builder returned by [certificatePinning], then
 * attaches the logging and API-header interceptors and sets connect, write and
 * read timeouts to [CLIENT_TIME_OUT] seconds.
 */
@Singleton
@Provides
fun taboraCC(
    context: Application,
    httpLoggingInterceptor: HttpLoggingInterceptor,
    apiHeadersInterceptor: ApiHeadersInterceptor
): OkHttpClient = certificatePinning(context)
    .addInterceptor(httpLoggingInterceptor)
    .addInterceptor(apiHeadersInterceptor)
    .connectTimeout(CLIENT_TIME_OUT, TimeUnit.SECONDS)
    .writeTimeout(CLIENT_TIME_OUT, TimeUnit.SECONDS)
    .readTimeout(CLIENT_TIME_OUT, TimeUnit.SECONDS)
    .build()
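/**
 * Builds an [OkHttpClient.Builder] whose trust store contains only the
 * certificate bundled as `R.raw.digital_kp_gov_pk`, so a TLS handshake
 * succeeds only when the server's chain is anchored on that certificate.
 *
 * Hostname verification is left at OkHttp's default. The previous version
 * installed `hostnameVerifier { _, _ -> true }`, which accepted the pinned
 * certificate for any host name and so weakened the pin. Also fixed: the raw
 * resource stream is now closed on the error path, the legacy `"SSL"`
 * protocol name is replaced by `"TLS"`, and the trust manager is looked up by
 * type instead of an unchecked `[0]` cast.
 *
 * Limitation to keep in mind: any check that runs inside the app process can
 * be disabled by a party who can instrument that process (rooted or debuggable
 * device, hooking frameworks). Pinning raises the bar for on-path
 * interception; it is not a control against a user who owns the device, and
 * server-side authorization must not rely on it. OkHttp's `CertificatePinner`
 * is the library's built-in alternative for pinning by public-key hash.
 *
 * @param mContext used to open the raw certificate resource.
 * @return a builder with the pinned socket factory and [X509TrustManager] installed.
 * @throws java.security.cert.CertificateException if the resource is not a parseable X.509 certificate.
 * @throws IllegalStateException if the platform provides no [X509TrustManager].
 */
private fun certificatePinning(mContext: Context): OkHttpClient.Builder {
    // `use` closes the stream even when generateCertificate throws.
    val pinnedCertificate: Certificate =
        mContext.resources.openRawResource(R.raw.digital_kp_gov_pk).use { stream ->
            CertificateFactory.getInstance("X.509").generateCertificate(stream)
        }

    // Fresh in-memory key store holding only the pinned certificate; the
    // device's system CAs are intentionally not included.
    val pinnedKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()).apply {
        load(null, null)
        setCertificateEntry("digital.kp.gov.pk", pinnedCertificate)
    }

    val trustManagers = TrustManagerFactory
        .getInstance(TrustManagerFactory.getDefaultAlgorithm())
        .apply { init(pinnedKeyStore) }
        .trustManagers
    // OkHttp requires the X509 manager explicitly; fail loudly rather than cast blindly.
    val x509TrustManager = trustManagers.filterIsInstance<X509TrustManager>().firstOrNull()
        ?: error("No X509TrustManager available for ${TrustManagerFactory.getDefaultAlgorithm()}")

    val sslContext = SSLContext.getInstance("TLS").apply {
        init(null, trustManagers, null)
    }

    // No custom hostnameVerifier: OkHttp's default verifier checks the
    // server name against the certificate.
    return OkHttpClient.Builder()
        .sslSocketFactory(sslContext.socketFactory, x509TrustManager)
}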
How can I protect my certificate pinning so that it cannot be bypassed using Frida and Objection?