Skip to content

A Frida script that disables Flutter's TLS verification

Notifications You must be signed in to change notification settings

NVISOsecurity/disable-flutter-tls-verification

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 

Repository files navigation

disable-flutter-tls-verification

A Frida script that disables Flutter's TLS verification

This script works on Android x86, Android x64 and iOS x64. It uses pattern matching to find ssl_verify_peer_cert in handshake.cc

You can use it via Frida by downloading disable-flutter-tls.js or by using Frida codeshare:

frida -U -f your.package.name -l disable-flutter-tls.js --no-pause

# or Frida codeshare

frida -U --codeshare TheDauntless/disable-flutter-tls-v1 -f YOUR_BINARY

Further information can be found in this blogpost.

⚠️ What if this script doesn't work?

Before creating a GitHub issue, please test the following steps:

  • Can you intercept HTTP requests from the demo application?
    • If not, note that Flutter apps do not use the system's proxy settings by default. This means you should use Proxydroid on Android and OpenVPN on iOS (or a rogue rogue access point on both). On the Android Studio AVDs, you can use -http-proxy when launching the emulator.
  • Can you intercept HTTPS requests from the demo application?
  • Have you checked if your app's flutter library is inside the libflutter_samples directory?
    • For Android: run apktool d <YOURAPK> and run md5sum on libs/<ARCH>/libflutter.so
    • For iOS: Extract an unencrypted IPA, unzip it and run md5sum on Payload/Runner.app/Frameworks/Flutter.framework/Flutter
    • Alternatively, copy libflutter.so or Flutter to the correct folder in libflutter_samples and run python3 verify.py

If you can succesfully intercept all requests from the demo app and your library is not included in the samples, please open a GitHub issue with the app in question. It is possible that the app is using additional SSL pinning plugins, so a combination of this plugin and objection / other Frida scripts may be necessary. This is outside of the scope of this project and you will have to RE yourself to identify additional pinning protections.