Bypass SSL Pinning for flutter apps using reFlutter Framework


Last updated 3 years ago

Flutter apps are a little different, and bypassing SSL pinning in them is harder. There are many methods to bypass SSL pinning in Flutter apps; I'm going to show one of them, using the reFlutter framework.

This framework helps with Flutter app reverse engineering by using a patched version of the Flutter library that is already compiled and ready for app repacking. The library's snapshot deserialization process is modified to allow you to perform dynamic analysis.

Installation

pip3 install reflutter

Demonstration app:

The demo app has two options, HTTP Request and HTTPS Request. First, let's check HTTP Request.

The traffic goes through Burp Suite and we get a successful response. But if we click on HTTPS Request, we get an error like this.

So, let's bypass it using the reFlutter framework:

reflutter flutter-apps.apk

The IP it asks for is the IP of the machine on which Burp Suite is running.

Now we get release.RE.apk, but this APK is not signed yet. We have to sign it manually:

java -jar uber-apk-signer-1.2.1.jar --apk release.RE.apk

Now install the signed APK on your device:

adb install release.RE-aligned-debugSigned.apk

For the next step, we have to configure the proxy listener in Burp Suite.

First, change the listener port to 8083, because that is the port reFlutter sets by default.

In the Request handling tab, enable Support invisible proxying and click OK.

Now open the new APK and click on HTTPS Request.

NOTE: turn off all other proxies on the device, because reFlutter has already modified the app and set the proxy settings inside the patched APK.

Now we can intercept the HTTPS traffic of the Flutter-based app, bypassing SSL pinning with the reFlutter framework.
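The other side of this technique is worth knowing as an app owner: reFlutter works by swapping the Flutter engine library inside the APK for a patched build, so the repackaged app no longer ships the library your build produced. The following added example (my own code, not part of reFlutter or the test apps) hashes every lib/<abi>/libflutter.so in an APK and compares it with reference hashes recorded at build time; the APKs and engine blobs are constructed stand-ins.

```python
"""Detect a repackaged Flutter APK whose engine library was swapped.

Added example, not part of the reFlutter project: reFlutter replaces
lib/<abi>/libflutter.so in the APK with a patched build, so comparing the
shipped library against a known-good hash from your own build catches it.
The APKs and engine blobs below are constructed for the demo."""
import hashlib
import io
import zipfile


def engine_hashes(apk_bytes: bytes) -> dict:
    """Return {zip entry name: sha256 hex} for every libflutter.so in the APK."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.startswith("lib/") and name.endswith("/libflutter.so"):
                result[name] = hashlib.sha256(apk.read(name)).hexdigest()
    return result


def audit_apk(apk_bytes: bytes, known_good: dict) -> list:
    """Compare each shipped engine library against the build-time hash.

    known_good maps entry name -> sha256 hex of the library your pipeline
    produced. Returns a list of findings; an empty list means all match."""
    findings = []
    shipped = engine_hashes(apk_bytes)
    if not shipped:
        findings.append("no libflutter.so found: not a Flutter APK or stripped")
    for name, digest in shipped.items():
        expected = known_good.get(name)
        if expected is None:
            findings.append(f"{name}: no reference hash, cannot verify")
        elif digest != expected:
            findings.append(f"{name}: engine library differs from build output")
    return findings


def build_demo_apk(engine_blob: bytes) -> bytes:
    """Constructed stand-in for a Flutter APK with a single arm64 engine."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<manifest/>")
        apk.writestr("lib/arm64-v8a/libflutter.so", engine_blob)
        apk.writestr("lib/arm64-v8a/libapp.so", b"dart-aot")  # app code untouched
    return buf.getvalue()


ORIGINAL_ENGINE = b"\x7fELF original flutter engine"   # constructed
PATCHED_ENGINE = b"\x7fELF reflutter-patched engine"   # constructed
REFERENCE = engine_hashes(build_demo_apk(ORIGINAL_ENGINE))  # recorded at build

if __name__ == "__main__":
    for label, blob in (("pristine", ORIGINAL_ENGINE), ("patched", PATCHED_ENGINE)):
        print(label, audit_apk(build_demo_apk(blob), REFERENCE) or ["OK"])
```

Run it against a real release build and the reflutter output (release.RE.apk) to see the patched engine flagged; a per-ABI entry with no reference hash is reported rather than silently passed.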

Reference

These are the tools I used here. You can use your own method.

Flutter test apps: https://github.com/thedarksource/Android/tree/master/flutter-test-apps
reFlutter: https://github.com/ptswarm/reFlutter
uber-apk-signer: https://github.com/patrickfav/uber-apk-signer/releases/