Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added ios & android technique and tool for re-flutter (by @appknox) #2600

Merged
merged 22 commits into from
Jun 24, 2024
Merged

Added ios & android technique and tool for re-flutter (by @appknox) #2600

Changes from 1 commit
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
1570297
Added techniques/android/MASTG-TECH-0099.md ,techniques/ios/MASTG-TEC…
sk3l10x1ng Apr 8, 2024
c66ad79
updated title
sk3l10x1ng Apr 8, 2024
67ef2c4
small correction fixes
sk3l10x1ng Apr 8, 2024
55cceab
renamed file to MASTG-TECH-0109.md
sk3l10x1ng Apr 10, 2024
c7b2103
updated ios & android techniques
sk3l10x1ng Apr 16, 2024
a8e2af9
update ios technique
sk3l10x1ng Apr 17, 2024
bab130a
added link
sk3l10x1ng Apr 17, 2024
3e8026e
added content
sk3l10x1ng Apr 17, 2024
4400933
updated mastg-tech-0109
sk3l10x1ng Apr 22, 2024
2e8a6db
updated mastg-tech-0110
sk3l10x1ng Apr 22, 2024
a7313bf
removed duplicate re-flutter mastg-tool-0099
sk3l10x1ng Apr 22, 2024
58a0c5b
removed duplicate file mastg-tech-0099
sk3l10x1ng Apr 22, 2024
a739edc
fix typo
cpholguera Apr 27, 2024
987322d
fix typo
cpholguera Apr 27, 2024
b3fc2e1
updated
sk3l10x1ng May 13, 2024
2f9e0bd
rename filename
sk3l10x1ng May 14, 2024
3d414a7
renamed the android app filename to MASTG-APP-0017
sk3l10x1ng Jun 14, 2024
338d809
updated changes
sk3l10x1ng Jun 18, 2024
e5eff2d
updated TOOL-0101.md
sk3l10x1ng Jun 18, 2024
6541328
updated TOOL-0100.md
sk3l10x1ng Jun 18, 2024
f91f157
updated changes TOOL-0100
sk3l10x1ng Jun 20, 2024
843c05e
updated techinque and tool
sk3l10x1ng Jun 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
updated TOOL-0101.md
  • Loading branch information
@sk3l10x1ng
sk3l10x1ng committed Jun 18, 2024
commit e5eff2db50c7b31b0a460ff904d4290aa833b7c9
2 changes: 1 addition & 1 deletion tools/generic/MASTG-TOOL-0101.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@ platform: generic
source: https://github.com/NVISOsecurity/disable-flutter-tls-verification
---

[disable-flutter-tls-verification](https://github.com/NVISOsecurity/disable-flutter-tls-verification) is a Frida script that disables Flutter's TLS verification and works on Android x86, Android x64 and iOS x64. It uses pattern matching to find [ssl_verify_peer_cert in handshake.cc](https://github.com/google/boringssl/blob/master/ssl/handshake.cc#L323). Further information can be found in [this blogpost](https://blog.nviso.eu/2022/08/18/intercept-flutter-traffic-on-ios-and-android-http-https-dio-pinning/).
[disable-flutter-tls-verification](https://github.com/NVISOsecurity/disable-flutter-tls-verification) is a Frida script that disables Flutter's TLS verification and works on (ARM32, ARM64 and x64) and iOS (ARM64). It uses pattern matching to find [ssl_verify_peer_cert in handshake.cc](https://github.com/google/boringssl/blob/master/ssl/handshake.cc#L323). Further information can be found in [this blogpost](https://blog.nviso.eu/2022/08/18/intercept-flutter-traffic-on-ios-and-android-http-https-dio-pinning/).
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
[disable-flutter-tls-verification](https://github.com/NVISOsecurity/disable-flutter-tls-verification) is a Frida script that disables Flutter's TLS verification and works on (ARM32, ARM64 and x64) and iOS (ARM64). It uses pattern matching to find [ssl_verify_peer_cert in handshake.cc](https://github.com/google/boringssl/blob/master/ssl/handshake.cc#L323). Further information can be found in [this blogpost](https://blog.nviso.eu/2022/08/18/intercept-flutter-traffic-on-ios-and-android-http-https-dio-pinning/).
[disable-flutter-tls-verification](https://github.com/NVISOsecurity/disable-flutter-tls-verification) is a Frida script that disables Flutter's TLS verification and works on (ARM32, ARM64 and x64) and iOS (ARM64). It uses pattern matching to find [ssl_verify_peer_cert in handshake.cc](https://github.com/google/boringssl/blob/master/ssl/handshake.cc#L323). Further information can be found in [this blog post](https://blog.nviso.eu/2022/08/18/intercept-flutter-traffic-on-ios-and-android-http-https-dio-pinning/).


You can use it via Frida codeshare or by downloading disable-flutter-tls.js from the repo as indicated in these [instructions](https://github.com/NVISOsecurity/disable-flutter-tls-verification).