ios ssl pinning: add support for iOS 13 #301

Merged: 2 commits, Dec 2, 2019

tmm1 (Contributor) commented Nov 19, 2019

tmm1 (Contributor, Author) commented Nov 19, 2019

Trying to test this and I'm running into an error I'm not sure how to find the source of:

(agent) Hooking BoringSSL methods
A Frida agent exception has occurred.
Error: expected a pointer
    at /script1.js:10720
    at /script1.js:10880
    at /script1.js:10893
    at frida/runtime/message-dispatcher.js:15
    at c (frida/runtime/message-dispatcher.js:25)

tmm1 (Contributor, Author) commented Nov 20, 2019

I figured out the error and fixed it.

leonjza (Member) commented Nov 20, 2019

Thank you for the PR! I'll test && merge this asap.

> Trying to test this and I'm running into an error I'm not sure how to find the source of:

For future reference, adding the --debug flag to the command line will include the agent's source map, meaning stack traces would include references to the relevant TypeScript source instead of just a generic script.js trace.

g-goessel commented

@tmm1 I tried your patch and I couldn't bypass the pinning protection with Alamofire.
I could get it to work by doing the following:

--- a/agent/src/ios/pinning.ts
+++ b/agent/src/ios/pinning.ts
@@ -448,10 +448,7 @@ export namespace sslpinning {
   // SSL_CTX_set_custom_verify
   const sSLCtxSetCustomVerify = (ident: string): InvocationListener => {
     const getPskIdentity = libObjc.SSL_get_psk_identity;
-    var setCustomVerify = libObjc.SSL_CTX_set_custom_verify;
-    if (setCustomVerify.isNull()) {
-        setCustomVerify = libObjc.SSL_set_custom_verify;
-    }
+    var setCustomVerify = libObjc.SSL_set_custom_verify;

     if (setCustomVerify.isNull() || getPskIdentity.isNull()) {
       return null;
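
Review bot: With the fallback removed at the top of this hunk, `libObjc.SSL_CTX_set_custom_verify` is never looked up, so on a runtime that exports only that symbol `setCustomVerify.isNull()` is true and the function returns null without installing a hook. Rather than swapping one symbol for the other, consider resolving both `SSL_CTX_set_custom_verify` and `SSL_set_custom_verify` and hooking whichever of them resolve, so the older path keeps working. If the single-symbol form is kept, the `// SSL_CTX_set_custom_verify` comment and the `sSLCtxSetCustomVerify` name no longer describe what is hooked, and `var` can become `const` because the variable is no longer reassigned.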

This is by no means a clean way to do it because it probably breaks older iOS versions. I will try to do it properly and submit my solution (it's the first time I work with frida/objection).

leonjza (Member) commented Nov 24, 2019

@g-goessel thanks for the update and the diff! I also plan on testing this in the coming week.

tmm1 (Contributor, Author) commented Nov 24, 2019

@g-goessel please try the change I just made

g-goessel commented

@tmm1 yes, works fine!
Thanks

Out of curiosity, what app do you use to check the SSL pinning? I modified something but I'm not that good at writing iOS apps 😅

leonjza merged commit 1524a72 into sensepost:master Dec 2, 2019

leonjza (Member) commented Dec 2, 2019

Thanks again!
