Bypass SSL Pinning for flutter apps using reFlutter Framework
Last updated
Last updated
Flutter apps are a little bit different and hard to bypass ssl pinning.There are many method to bypass ssl pinning for flutter apps and I'm gonna show you one of the method to bypass ssl pinning using reflutter flamework
This framework helps with Flutter apps reverse engineering using the patched version of the Flutter library which is already compiled and ready for app repacking. This library has snapshot deserialization process modified to allow you perform dynamic analysis.
Demonstration apps,
https://github.com/thedarksource/Android/tree/master/flutter-test-apps
We have two options HTTP Request and HTTPS Request , First let's check in HTTP Request
The traffic through the burpsuite and we will get success response.But If we click on HTTPS Request ,we will get error like this.
So, let's bypass it using reflutter framework
IP is the IP of the machine which the burpsuite is running.
Now we will get release.RE.apk but this apk is not sign yet. We have to sign manually and
I'm used uber-apk-signer in here. You can use your own method.
Now install signed apk in your device.
For the next step, we have to configure the proxy in burpsuite.
First, change port 8083 because reFlutter set it by default.
In Request handling tab, enable Support invisible proxying and click on OK.
Now open the new apk and click on HTTPS Request
NOTE: we need to turn off all the proxies because reflutter is already modifed and set the proxy settings in the patched app.
Now we can intercept the HTTPS traffic of the flutter based app by bypassing the SSL pinning usingreFlutter framework.
https://github.com/ptswarm/reFlutter
https://github.com/thedarksource/Android/tree/master/flutter-test-apps
