Bypass la fijación SSL de IOS 15-16 con httptoolkit + script frida

[brunao-br]

configuro el kit de herramientas http en el iphone 7 plus IOS 15.8.2 con rootlees con SSL Kill Switch 3 pero aun así con aplicaciones ssl pinner no puedo ver el tráfico

[pimterry]

The Frida scripts are a best-effort solution to certificate unpinning, but they'll never be 100% perfect. They cover all common off-the-shelf certificate pinning solutions, but it's always possible for an app to implement totally custom certificate validation that can't be recognized & disabled automatically. In general, if the existing scripts don't work, the likely result is that you'll need to reverse engineer the specific details of the app that's failing, to understand exactly how it works and write a custom patch. For iOS I don't have any docs for that, but there's a guide to the equivalent process on Android that might be interesting here: https://httptoolkit.com/blog/android-reverse-engineering/.

Can you share any details about the specific app that's not working for you? It's helpful to document known failing cases here, so common issues can be investigated and any future solutions can be shared.

[brunao-br]

Do you have any direct contact to answer some questions and for me to contribute more to the httptoolkit project?

[pimterry]

Hi @brunao-br, no I'm afraid I can't offer personal support for anything like this. If you'd like one-to-one help I'd recommend hiring a reverse engineer from Fiverr, Upwork or similar marketplaces.

If you'd like community support, please share more details here and then others with the same issue or interested in the same app will be able to get involved too and share solutions. If it does turn out that there's a general problem I'm happy to look at fixes to the scripts to solve that, but I can't debug individual apps or device setups (I get literally thousands of requests for personal help with people's apps & devices, I just don't have time).