[BUG] ZAProxy shows no requests logs using Frida SSL bypass script on Instagram v320 #59

Open
RigDillinger opened this issue Feb 29, 2024 · 15 comments

@RigDillinger

Describe the bug
Bypass script does not work on new Instagram release 320-0-0-42-101
No logs come from Instagram app to ZAProxy. Logging in to Instagram is not successful either.
See screenshots.

Method
Frida

App info

  • Version: instagram-v320-0-0-42-101
  • Arch: tested on: x86, x86_64, arm64-v8a

Device info

  • Model: Pixel 6 Pro, Android Studio Emulator
  • Android Version: 9 arm64 API 28, 10 x86 API 29, 11 x86_64 API 34, no Google services

Proxy tool
ZAProxy 2.14.0

Logs
Screenshot_2024-02-29_142901_edit

Screenshot_2024-02-29_142830

Screenshot_2024-02-29_142932_edit

Additional context
I attempted a simple debug:
Screenshot_2024-02-29_143520

I can see these logs just fine on Instagram v319, as well as requests in ZAProxy, and am able to log in to Instagram successfully.
Please, have a look.

@trxyazilimedu

image
image
I use Samsung Galaxy A50 and Burp suite, I have the same error.

@evgen-dev

evgen-dev commented Mar 17, 2024

It works for me with https://github.com/httptoolkit/frida-interception-and-unpinning/. But first you need to add proxygen SSL verification interception (method _ZN8proxygen15SSLVerification17v... in libliger.so) to native-tls-hook.js, and add the mitm (or the proxy you use) cert to the config.js file.

mitm

@MaksZ25

MaksZ25 commented Mar 26, 2024

@evgen-dev Can you please provide or help with this? I tried to add it to native-tls-hook.js but haven't made progress.

@ultrafragile

@RigDillinger @MaksZ25 @evgen-dev did you find a solution?

@evgen-dev

evgen-dev commented Mar 28, 2024

Hi @MaksZ25
Created a fork and made the necessary changes. And create pull request.
https://github.com/evgen-dev/frida-interception-and-unpinning

@MaksZ25

MaksZ25 commented Mar 28, 2024

> Hi @MaksZ25 Created a fork and made the necessary changes. And create pull request. https://github.com/evgen-dev/frida-interception-and-unpinning

Oh. I just tried the same code too but without progress. Will check tonight again. Can you please provide your tg username?

@evgen-dev

> > Hi @MaksZ25 Created a fork and made the necessary changes. And create pull request. https://github.com/evgen-dev/frida-interception-and-unpinning
>
> Oh. I just tried the same code too but without progress. Will check tonight again. Can you please provide your tg username?

This code still works for me. But it works only on a cold start (clear all app data and then launch the app).

@ultrafragile

ultrafragile commented Mar 28, 2024

> > Hi @MaksZ25 Created a fork and made the necessary changes. And create pull request. https://github.com/evgen-dev/frida-interception-and-unpinning
>
> Oh. I just tried the same code too but without progress. Will check tonight again. Can you please provide your tg username?

What is your Telegram username? Maybe we can troubleshoot together too @MaksZ25

@evgen-dev

@ultrafragile Have you replaced these values with yours?
Monosnap frida-interception-and-unpinning_config j

@MaksZ25

MaksZ25 commented Mar 29, 2024

@evgen-dev It doesn't work anymore. In debug I see unix:stream connections being ignored. All config.js settings are correct, because it works for the demo app of httptoolkit.

Manually intercepting connection to [2a:3:28:80:f0:45:0:10:fa:ce:b0:c:0:0:0:3]:443
Ignoring unix:stream connection
Ignoring unix:stream connection
Connected tcp6 fd 161 to {"ip":"::ffff:192.168.88.252","port":9999} (-1)
Manually intercepting connection to [2a:3:28:80:f0:45:0:10:fa:ce:b0:c:0:0:0:3]:443
Ignoring unix:stream connection
Ignoring unix:stream connection
Connected tcp6 fd 162 to null (-1)
OnEnter: args: /data/data/com.instagram.android/lib-compressed/libcryptopub.so

@MaksZ25

MaksZ25 commented Apr 4, 2024

@evgen-dev @ultrafragile

@teo724

teo724 commented Apr 4, 2024

Unpinning works without any problem for me.

aaa

@shadowc0de

> @ultrafragile Have you replaced these values with yours? Monosnap frida-interception-and-unpinning_config j

image
May I know what command you used? It still doesn’t capture any request, anyone?

@mdc-git

mdc-git commented Apr 8, 2024

@evgen-dev

Thank you for your efforts. It works a bit for me. I can scroll through my profile page fine, but the search doesn't work and clicking on other profiles doesn't work either.
I'm getting messages like this in frida shell:

 !!! --- Unexpected TLS failure --- !!!
      SSLPeerUnverifiedException: java.security.cert.CertificateException: Didn't find a trust anchor in chain cleanup!
      Thrown by X.176->A00
      [ ] Unrecognized TLS error - this must be patched manually

 !!! --- Unexpected TLS failure --- !!!
      CertificateException: Didn't find a trust anchor in chain cleanup!
      Thrown by X.0Mg->A00
      [ ] Unrecognized TLS error - this must be patched manually

Every time I use the non-working parts, mitmproxy tells me: the client doesn't trust the proxy's certificate for gateway.instagram.com and edge-mqtt.facebook.com. It catches the requests from i.instagram.com, though.

Command I used:

frida -U \
    -l ./config.js \
    -l ./native-connect-hook.js \
    -l ./native-tls-hook.js \
    -l ./android/android-proxy-override.js \
    -l ./android/android-system-certificate-injection.js \
    -l ./android/android-certificate-unpinning.js \
    -l ./android/android-certificate-unpinning-fallback.js \
    -f com.instagram.android

It also doesn't seem to refresh my profile page with new content.

@MaksZ25

MaksZ25 commented Apr 23, 2024

@evgen-dev Write me on tg please: alx_grx

9 participants