Kill Facebook for iOS's SSL Pinning
DyldPatcher Initial Commit Feb 14, 2017
DyldXcodeProject Initial Commit Feb 14, 2017
iReSign Initial Commit Feb 14, 2017
README.md Update README.md Mar 19, 2017
screenshot.png Initial Commit Feb 14, 2017

README.md

HackingFacebook

Bypassing Facebook for iOS's SSL pinning allows us to capture decrypted HTTPS requests sent from Facebook with tools like Charles.

Screen Shot

Description

This repository shows how to kill the certificate pinning in Facebook for iOS without jailbreaking your device.

I've successfully captured decrypted HTTPS requests from Facebook with Charles by applying this patch. I tested Facebook for iOS version 79.0, currently the newest; this patch may become invalid with newer versions.

About

Instructions

Update 20170319

I've developed a new tool that finishes these steps in a simpler way, see:

https://github.com/Naituw/IPAPatch

Original Instructions

  1. Prepare Facebook_extenstion_removed.ipa

    • Get a decrypted Facebook ipa, whether from a jailbroken device or an ipa download site (I'm using an ipa downloaded from http://www.iphonecake.com)
    • Unzip the ipa and remove the Payload/Facebook.app/Plugins folder, which contains App Extensions.
    • Zip the Payload folder and rename it to Facebook_extenstion_removed.ipa
  2. Inject code into Facebook_extenstion_removed.ipa

    • Build DyldXcodeProject, making sure the target is a real device (NOT an iPhone Simulator), then copy the resulting framework's binary file to a folder named DyldsForInjection

    • Use the script provided in DyldPatcher to patch the binary we generated into Facebook_extenstion_removed.ipa; the patched file is named Facebook_extenstion_removed-patched.ipa

         cd DyldPatcher
         ./patchapp.sh Facebook_extenstion_removed.ipa DyldsForInjection
      
  3. Resign Facebook_extenstion_removed-patched.ipa

    • Use the modified version of iResign to resign the file; the resulting file is Facebook_extenstion_removed-patched-resigned.ipa. This modified version correctly signs the dyld we injected.
  4. Install and Run

    • Install Facebook_extenstion_removed-patched-resigned.ipa via Xcode
    • Capture HTTPS requests like other apps with Charles!