Created
March 17, 2020 09:31
-
-
Save alximw/a8b68df4171668fa192e74aecbd1d178 to your computer and use it in GitHub Desktop.
Revisions
-
alximw created this gist
Mar 17, 2020 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,101 @@ while(!Java.available); if(Java.available) { Java.perform(function() { try { var TrustManagerImpl = Java.use('com.android.org.conscrypt.TrustManagerImpl'); var array_list = Java.use("java.util.ArrayList"); TrustManagerImpl.verifyChain.implementation = function (untrustedChain, trustAnchorChain, host, clientAuth, ocspData, tlsSctData) { return untrustedChain; } } catch (err) { send("[*] Error"); if (err.message.indexOf('ClassNotFoundException') === 0) { throw new Error(err); } } AndroidSSLPlatform.a.overload('java.security.Provider', 'java.lang.String', 'java.security.KeyStore').implementation = function(a,b,c){ stackTrace() return this.a(a,b,c) } const keyStoreWrapper = Java.use("lfr"); keyStoreWrapper.a.overload('java.security.cert.X509Certificate').implementation = function(a){ console.log("KeyStoreContainsRootCert(X509Certificate)") return true; } keyStoreWrapper.$init.overload('java.security.KeyStore').implementation = function(keystore){ console.log("KeyStoreWrapper() ") console.log("Entries in keystore: "+keystore.size()) var alias = keystore.aliases() while(alias.hasMoreElements()){ console.log(alias.getCertificate(alias.nextElement())) } return keyStoreWrapper.$init.call(this, keystore) } const CertificateChain = Java.use("lfh"); CertificateChain.a.overload('[Ljava.security.cert.X509Certificate;', 'lfr').implementation = function(certs,keyStoreWrapper){ console.log("ValidateCertificateChain(X509Certificate[], KeyStore)"); return this.a(certs, keyStoreWrapper); } CertificateChain.a.overload('java.security.cert.X509Certificate', 'java.security.cert.X509Certificate').implementation = function(cert_a,cert_b){ console.log("CertsAreEqualOrAChain('java.security.cert.X509Certificate','java.security.cert.X509Certificate')"); var return_value = this.a(cert_a, cert_b); return true } const TrustManager = Java.use("lfm"); TrustManager.$init.overload('lfr','[Ljava.lang.String;', 'long' ).implementation = function(a,b,c){ console.log("TrustManager() constructor") return TrustManager.$init.call(this, a,b,c) } TrustManager.a.overload('[Ljava.security.cert.X509Certificate;').implementation = function(certs){ console.log("checkPins([Ljava.security.cert.X509Certificate;)") return this.a(certs) } TrustManager.a.overload('java.security.cert.X509Certificate').implementation = function(cert){ console.log("validateCert(java.security.cert.X509Certificate)") var result = this.a(cert) console.log("Validating : "+cert.getSerialNumber()) return true; } TrustManager.a.overload('java.lang.String').implementation = function(string){ console.log("computePinFromString(string="+string+")") return this.a(string) } TrustManager.a.overload('[Ljava.security.cert.X509Certificate;', 'java.lang.String').implementation = function(certs, string){ console.log("ValidateChain([Ljava.security.cert.X509Certificate;', 'java.lang.String')") return this.a(certs, string) } TrustManager.a.overload('lfr').implementation = function(keyStore){ console.log("getTrustManagers(keyStore)") return this.a(keyStore) } TrustManager.checkServerTrusted.overload('[Ljava.security.cert.X509Certificate;', 'java.lang.String').implementation = function(keyChain, authType){ console.log("checkServerTrusted()") return this.checkServerTrusted(keyChain, authType) } }); }