frida-ssl-pinning-bypass
frida-ssl-pinning-bypass frida-ssl-pinning-bypass is the dynamic script injector that hooks SSL validation methods in Android/iOS apps using Frida, disabling cert pinning at runtime for seamless MITM with Burp or ZAP. Load the JS script via frida-cli on your hooked device, targeting common libs like OkHttp or AFNetworking for instant unpinning. Open-source from community, it's the runtime rebel for mobile pentesters cracking encrypted traffic without repacks.
Explore →objection
objection objection is the runtime explorer powered by Frida that automates SSL pinning bypasses with one command, exploring app internals like keychains or databases post-unpinning for deeper analysis. Bridge to your instrumented app via objection console, running 'android sslpinning disable' or iOS equivalents for traffic interception. Open-source from sensepost, it's the all-access pass for analysts tunneling through pinned connections effortlessly.
Explore →sslunpinning
sslunpinning sslunpinning is the Xposed-based module for Android that neuters SSL pinning in system-wide or per-app modes, hooking TrustManager impls for universal traffic decryption during tests. Install via Magisk or root, toggle via its app, and route through proxies for full visibility. Open-source from acomodi, it's the root-level disarm for pentesters targeting pinned apps without code changes.
Explore →JustTrustMe
JustTrustMe JustTrustMe is the minimalist Xposed hook that blindly trusts all SSL certs in Android apps, bypassing pinning checks with a single method override for straightforward MITM setups. Flash via Xposed Installer on rooted devices, activate for targeted processes, and capture decrypted flows instantly. Open-Source from Fuzion24, it's the trust-me-bro tool for quick unpinning in legacy or stubborn apps.
Explore →ios-ssl-kill-switch
iOS SSL Kill Switch iOS SSL Kill Switch is the tweak that disables ATS and pinning in jailbroken iOS apps, hooking NSURLSession and CFNetwork for universal decryption during dynamic analysis. Sideload via Cydia or AltStore, toggle in settings, and proxy traffic for endpoint exploration. Open-source from nst, it's the iOS interceptor for reverse engineers peeling back encrypted layers on Apple devices.
Explore →frida-multiple-unpinning
frida-multiple-unpinning frida-multiple-unpinning is the comprehensive Frida script collection for bypassing diverse pinning impls in Android apps, from custom TrustManagers to native libs with targeted hooks. Spawn frida-server on device, inject the universal script, and watch it neutralize variants like AndroidX or Retrofit. Open-source from community, it's the hook harness for pentesters tackling hybrid pinning schemes.
Explore →APK-Pinning-Bypass
APK-Pinning-Bypass APK-Pinning-Bypass is the static patcher that modifies APK smali code to null out pinning checks, rebuilding signed apps for proxy-friendly testing without runtime tools. Decompile with apktool, apply patches via script, and reinstall for persistent unpinning. Open-source from community, it's the code surgeon for analysts altering manifests to expose internals permanently.
Explore →TrustMeAlready
TrustMeAlready TrustMeAlready is the Frida-based iOS unpinner that overrides SecTrustEvaluate for jailbroken devices, handling advanced pinning with method swizzling for full traffic visibility. Inject via tweakd or CLI, targeting specific processes for selective decryption. Open-source from iOS RE community, it's the iOS insider for pentesters bypassing App Transport Security hurdles.
Explore →Android-SSL-TrustKiller
Android-SSL-TrustKiller Android-SSL-TrustKiller is the Xposed module that kills TrustManager checks system-wide, forcing apps to accept self-signed certs for MITM in rooted environments. Enable via Xposed Edge, monitor logs for bypassed attempts, and route through Fiddler or mitmproxy. Open-source from community, it's the blanket bypass for broad Android app testing without per-app tweaks.
Explore →frida-ios-ssl-pinning-bypass-scripts