GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → tsarpaul → Fbunpinner

tsarpaul / Fbunpinner

Bypass Facebook/Instagram Certificate Pinning for Android

Programming Languages

python
139335 projects - #7 most used programming language

Labels

facebook

Projects that are alternatives of or similar to Fbunpinner

Laravel Facebook
A Facebook bridge for Laravel
Stars: ✭ 120 (-17.81%)
Mutual labels:  facebook
Facebook.ex
Facebook Graph API Wrapper written in Elixir
Stars: ✭ 130 (-10.96%)
Mutual labels:  facebook
Puppeteer Social Image
Create dynamic social share images using HTML + CSS via puppeteer 🎁
Stars: ✭ 141 (-3.42%)
Mutual labels:  facebook
Concierge
Modular chat bot. (Karma + Sassy + Hubot) * (Discord + Facebook + Messenger + Slack + Skype + Telegram + Hipchat + ...) = Concierge
Stars: ✭ 121 (-17.12%)
Mutual labels:  facebook
Botkit
Botkit is an open source developer tool for building chat bots, apps and custom integrations for major messaging platforms.
Stars: ✭ 10,555 (+7129.45%)
Mutual labels:  facebook
Big Companies Interview Questions
A curated list of previous asked Interview Question at Big Companies and Startups 🤲 🏆
Stars: ✭ 135 (-7.53%)
Mutual labels:  facebook
Facebook adblock
An open-source Ad Blocker for Facebook™
Stars: ✭ 118 (-19.18%)
Mutual labels:  facebook
Kinobot
Aesthetically perfectionist bot for cinephiles
Stars: ✭ 144 (-1.37%)
Mutual labels:  facebook
Assent
Multi-provider framework in Elixir
Stars: ✭ 126 (-13.7%)
Mutual labels:  facebook
Facebash Termux
Facebook BruteForce [ By Tor ] Tool For Termux.
Stars: ✭ 141 (-3.42%)
Mutual labels:  facebook
Sharer.js
🔛 🔖 Create your own social share buttons. No jquery.
Stars: ✭ 1,624 (+1012.33%)
Mutual labels:  facebook
React File Drop
React component for Gmail or Facebook -like drag and drop file uploader
Stars: ✭ 123 (-15.75%)
Mutual labels:  facebook
Messengerbot
Python client for Facebook Messenger Platform Bot
Stars: ✭ 140 (-4.11%)
Mutual labels:  facebook
Fbreaction
Demonstration for blog post
Stars: ✭ 121 (-17.12%)
Mutual labels:  facebook
Facebook Events By Location Core
[DEPRECATED] Search Facebook events by location and proximity.
Stars: ✭ 141 (-3.42%)
Mutual labels:  facebook
Facebook
📨 Facebook Notifications Channel for Laravel
Stars: ✭ 120 (-17.81%)
Mutual labels:  facebook
Craft Seomatic
SEOmatic facilitates modern SEO best practices & implementation for Craft CMS 3. It is a turnkey SEO system that is comprehensive, powerful, and flexible.
Stars: ✭ 135 (-7.53%)
Mutual labels:  facebook
Facebook Scripts Dom Manipulation
An open-source project includes many scripts with no Access Token needed for Facebook users by directly manipulating the DOM.
Stars: ✭ 146 (+0%)
Mutual labels:  facebook
Yfiton
Cross-platform CLI utility command for sending notifications using well-known or modern communication services
Stars: ✭ 142 (-2.74%)
Mutual labels:  facebook
Facebook Js Ads Sdk
[DEPRECATED] OFFICIAL FACEBOOK SDK: https://github.com/facebook/facebook-nodejs-ads-sdk
Stars: ✭ 140 (-4.11%)
Mutual labels:  facebook
View All Similar Projects ➔

FBUnpinner

Works for Instagram & Facebook

SUPPORTS:
TLS1.3 & TLS1.2 for x86/ARM32/ARM64
Instagram x86 currently does not work, feel free to open a pull request :)

A script to automate removing certificate pinning defense from Facebook applications.

TESTED FOR THE FOLLOWING APPS:

  • com.facebook.katana (Facebook for Android)
  • com.facebook.orca (Messenger)
  • com.facebook.lasso (Lasso)
  • com.instagram.android (Instagram for Android)

How-to

[REQUIRES ROOT]
  • Note: for Instagram replace lib-xzs/libcoldstart.so with lib-zstd/libliger.so

  1. Make sure you have run the desired Facebook application atleast once - what happens is that the cert pinning library (libcoldstart.so) is unpacked from an archive embedded in the APK.

  2. Get root shell in your device:

$(comp): adb shell
$(phone): su
  1. Pull libcoldstart.so from your desired Facebook application:
#(phone): cp /data/data/com.facebook.katana/lib-xzs/libcoldstart.so /sdcard/libcoldstart.so
#(phone): exit
$(phone): exit
$(comp): adb pull /sdcard/libcoldstart.so FBUnpinner/
  1. Patch the file:
$ python3 patch.py

OR:

$ python3 patch.py libliger.so libliger-patched.so
  1. Replace libcoldstart.so in the phone with the patched version:
$(comp): adb push libcoldstart-patched.so /sdcard/libcoldstart.so
$(comp): adb shell
$(phone): su
#(phone): cp /sdcard/libcoldstart.so /data/data/com.facebook.katana/lib-xzs/libcoldstart.so
#(phone): chmod 777 /data/data/com.facebook.katana/lib-xzs/libcoldstart.so
  1. (Optional) Setting up Burp to work with TLS 1.3 ("no cipher suites in common")
<path_to_jdk>/jdk-11.0.2.jdk/Contents/Home/bin/java -jar burpsuite_community.jar

TODO

A script to just patch an APK

Tested Emulators

Android Studio: Nexus_6_API_24 - Google APIs Intel Atom (x86)

Genymotion: Google Nexus 5X API 26 (x86)

Reference

https://serializethoughts.com/2016/08/18/bypassing-ssl-pinning-in-android-applications/
https://plainsec.org/how-to-bypass-instagram-ssl-pinning-on-android-v78/

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].