setImmediate(function () {
console.log("[*] SSL pinning killchain loaded");
Java.perform(function () {
/*
* =====================================================
* 1) Universal TrustManager bypass
* =====================================================
*/
try {
var X509TrustManager = Java.use("javax.net.ssl.X509TrustManager");
var SSLContext = Java.use("javax.net.ssl.SSLContext");
var TrustManager = Java.registerClass({
name: "dev.asd.TrustManager",
implements: [X509TrustManager],
methods: {
checkClientTrusted: function (chain, authType) {},
checkServerTrusted: function (chain, authType) {},
getAcceptedIssuers: function () {
return [];
}
}
});
SSLContext.init.overload(
"[Ljavax.net.ssl.KeyManager;",
"[Ljavax.net.ssl.TrustManager;",
"java.security.SecureRandom"
).implementation = function (km, tm, sr) {
console.log("[+] SSLContext.init() bypassed");
SSLContext.init.call(this, km, [TrustManager.$new()], sr);
};
} catch (e) {
console.log("[-] TrustManager hook failed: " + e);
}
/*
* =====================================================
* 2) OkHttp CertificatePinner – hook EVERYTHING
* =====================================================
*/
try {
var CertificatePinner = Java.use("okhttp3.CertificatePinner");
CertificatePinner.check.overloads.forEach(function (ov) {
ov.implementation = function () {
console.log("[+] OkHttp CertificatePinner.check() bypassed");
return;
};
});
if (CertificatePinner.check$okhttp) {
CertificatePinner.check$okhttp.overloads.forEach(function (ov) {
ov.implementation = function () {
console.log("[+] OkHttp CertificatePinner.check$okhttp() bypassed");
return;
};
});
}
console.log("[*] OkHttp CertificatePinner fully hooked");
} catch (e) {
console.log("[-] OkHttp hook failed: " + e);
}
/*
* =====================================================
* 3) HttpsURLConnection (legacy fallback)
* =====================================================
*/
try {
var HttpsURLConnection = Java.use("javax.net.ssl.HttpsURLConnection");
HttpsURLConnection.setDefaultHostnameVerifier.implementation = function (verifier) {
console.log("[+] HostnameVerifier bypassed");
};
} catch (e) {}
console.log("[*] SSL pinning killchain active");
});
});