Skip to content
This repository has been archived by the owner on Aug 20, 2022. It is now read-only.
/ Instagram_SSL_Pinning Public archive

Bypass Instagram SSL Pinning on Android

License

GPL-3.0 license
495 stars 119 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

itsMoji/Instagram_SSL_Pinning

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

75 Commits

arm

arm

 
 

arm64-v8a

arm64-v8a

 
 

non-root

non-root

 
 

x86

x86

 
 

IG_SIG_KEY.json

IG_SIG_KEY.json

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Instagram SSL Pinning

Bypass Instagram SSL Pinning on Android (ARM, x86 and AArch64) Version 237.0.0.14.102

Do you like this project? Support it by donating

  • Bitcoin: bc1qfr59gu23rxurhj8aarerx3y6gmh546kf88cte6

  • Ethereum: 0xbCdC08E42B31ECB9a97749F69BCce7AcE6834cAC

  • Dogecoin: DEvEGbjmKw8v2Rka9JbKVWMBepXfZh95Zf

  • Buy me a coffee

Requirements

  • The latest version of JDK (Download)

  • The latest version of (Burp Suite) or (mitmproxy)

  • Instagram APK (ARM - x86 - AArch64) - For root method only
    Download only from these links, not Google Play or somewhere else

  • a rooted Android device (Physical or virtual) - For root method only
    Genymotion Android 8+ recommended.
    Genymotion virtual devices is x86 and rooted by default.

  • ADB (Download) - For root method only
    Genymotion will install ADB automatically, and you can find it on <Genymotion Installation path>/tools

Non-Root Method (Recommended)

Instructions

  1. Download and install patched APK (ARM - x86)
    ARM on a physical device or ARM on Genymotion Android 8-Oreo with ARM Translation strongly recommended!

    1.2. For x86 only, Open Instagram app (wait a few seconds) and close it.
    It's important to run Instagram app once, before setting the proxy!

  2. Run Burp Suite with /<JDK Installation path>/bin/java -jar burpsuite_community.jar and setting up proxy on your Android device.
    Don't forget to turn off the Burp proxy intercept from Proxy > Intercept tab
    You should install Burp Suite certificate on your Android device

  3. That's it! Now open the Instagram app on your device and intercept the requests in Burp Suite !

Root Method

Watch tutorial video

Instructions (It's important to do step by step)

  1. Download and install Instagram apk on your device.

  2. Open Instagram app (wait a few seconds) and close it.
    It's important to run Instagram app once, before start patching!

  3. Download the patched file (ARM - x86 - AArch64) and push it to the device:
    ARM, x86 and AArch64: adb push libliger.so /data/data/com.instagram.android/lib-compressed/libliger.so

  4. Open Instagram app again (wait a few seconds) and close it.

  5. Run Burp Suite with /<JDK Installation path>/bin/java -jar burpsuite_community.jar and setting up proxy on your Android device.
    You must set the proxy in this step
    Don't forget to turn off the Burp proxy intercept from Proxy > Intercept tab
    You should install Burp Suite certificate on your Android device

  6. That's it! Now open the Instagram app and intercept the requests in Burp Suite !

Instagram Signature Key for ARM and x86

  • v136.0.0.34.124: 46024e8f31e295869a0e861eaed42cb1dd8454b55232d85f6c6764365079374b
  • Instagram does not sign requests in versions newer than 136.0.0.34.124, it's just SIGNATURE string.
    Example: signed_body=SIGNATURE.{"phone_id":"51df5a24-e59e-46cd-bc01-fe658aba9f18","_csrftoken":"mPzWvJ399rqCxOY5rn6Bggq7oOcFkf6U","usage":"prefill"}

About

Bypass Instagram SSL Pinning on Android

Resources

Readme

License

GPL-3.0 license
Activity

Stars

495 stars

Watchers

58 watching

Forks

119 forks
Report repository