Bypass TikTok SSL certificate pinning on Android to intercept, inspect, and analyze HTTPS network traffic — works on both rooted and non-rooted devices.
This project provides a pre-patched TikTok APK with SSL/TLS certificate pinning disabled, enabling security researchers and developers to capture and analyze TikTok's HTTPS traffic using standard MITM proxy tools. Inspect API endpoints, video feed requests, authentication flows, analytics payloads, and content delivery mechanisms used by one of the world's most popular social media platforms.
- ✅ No root required (also supports rooted devices)
- ✅ Compatible with Android emulators (Nox, LDPlayer, BlueStacks)
- ✅ Works with popular proxy tools (Burp Suite, Mitmproxy, Reqable, Proxypin)
- ✅ ARM64-v8a & armeabi-v7a architecture support
- ✅ Full app functionality preserved — browse, watch, and interact normally
I've recently released a new, improved TikTok bypass APK with significant upgrades over the public version:
| Feature | Public Build (v45.9.3) | 🌟 Latest Enhanced Build |
|---|---|---|
| SSL Pinning Bypass | ✅ | ✅ |
| Android 10 & below support | ✅ | ✅ |
| Android 11+ support | ❌ | ✅ |
| Login & registration traffic capture | ❌ | ✅ |
| Passport / OTP / email flow interception | ❌ | ✅ |
| Latest TikTok version | ❌ | ✅ |
| Distribution | Download | Get on Telegram |
- Full Android support — bypass network security configurations that block the public build on newer Android versions
- Login & registration flow capture — intercept
passport/email/send_code,passport/auth/available_ways, OTP requests, account verification, and full authentication payloads - Latest TikTok version — actively maintained, updated weekly to track TikTok's releases
- Works on stock devices — no system-level changes required
The latest enhanced APK is not publicly distributed. To request access:
Live capture from the Enhanced Build showing TikTok's authentication endpoint (
/passport/email/send_code/) being intercepted in cleartext on a modern Android version — something the public build cannot do.
If this project helped your security research, please star this repo — it helps others discover it and motivates continued updates!
⚠️ Note: This public build only supports Android 10 and below, and cannot capture login/authentication traffic. For Android 11+ support and login capture, use the Enhanced Build (Telegram only).
| Source | Link |
|---|---|
| GitHub Releases | Download from Releases |
| Telegram | Get on Telegram |
- Android phone or tablet (rooted or non-rooted)
- A traffic interception proxy tool:
- Windows PC with one of the following emulators installed:
- A desktop MITM proxy tool:
- Burp Suite — industry standard
- Mitmproxy — open source
- Reqable
- Proxypin
- Uninstall the official TikTok app from your device (if installed).
- Get the APK — download the public build from Releases, or request the Enhanced Build on Telegram for Android 11+ and login capture.
- Install the patched APK on your Android device or emulator.
- Configure your proxy tool of choice to intercept traffic.
- Launch TikTok and start capturing HTTPS requests and responses.
Tip: Install and trust the proxy's CA certificate on your device for full HTTPS decryption. Force-stop and relaunch the app if traffic doesn't appear immediately.
Looking for SSL pinning bypasses for other apps? Check out my other repos:
- 📘 Facebook SSL Pinning Bypass — Intercept Facebook HTTPS traffic on Android
- 💬 Messenger SSL Pinning Bypass — Capture Facebook Messenger API requests & responses
- 📸 Instagram SSL Pinning Bypass — Capture Instagram API requests & responses
- 🧵 Threads SSL Pinning Bypass — Analyze Threads network traffic
- 💼 Meta Business Suite SSL Pinning Bypass — Intercept Meta Business Suite HTTPS traffic
- 🎵 TikTok Lite SSL Pinning Bypass — Intercept TikTok Lite HTTPS traffic on Android
- 🛒 AliExpress SSL Pinning Bypass — Intercept AliExpress HTTPS traffic on Android
💬 For any of the above or a custom bypass, message me on Telegram.
This project is supported by the community through public funding. If this tool saved you time or helped your research, consider supporting continued development:
| Currency | Address |
|---|---|
| Bitcoin (BTC) | bc1px97s59kkyde66ptvp04amntufahkn3megnys25w7d6hrdy0tqjyszz6gxh |
| USDT (ERC-20) | 0xFFC89D25A6Ff41238982Fd9846D8CE2B22B2b3Cc |
| USDT (TRC-20) | THssAZhUQEEsw15211rAaRLGRjSWXMX4PW |
Every contribution — big or small — helps maintain and update bypasses as apps release new versions. Thank you!
Have a question, need the Enhanced Build, want a custom bypass, or want the latest APK?