Files
Anthropic-Cybersecurity-Skills/skills/performing-mobile-app-certificate-pinning-bypass/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

1.5 KiB

API Reference — Performing Mobile App Certificate Pinning Bypass

Libraries Used

  • subprocess: Execute frida, objection, apktool, adb commands
  • pathlib: Read decompiled APK smali files

CLI Interface

python agent.py detect --apk app.apk
python agent.py frida --package com.example.app [--device emulator-5554]
python agent.py objection --package com.example.app
python agent.py proxy

Core Functions

detect_pinning_implementation(apk_path) — Static APK analysis

Decompiles APK with apktool. Searches smali for pinning indicators: OkHttp CertificatePinner, X509TrustManager, network_security_config, WebView SSL error handler, Conscrypt TrustManagerImpl, Certificate Transparency.

run_frida_bypass(package_name, device_id) — Dynamic Frida bypass

Injects JavaScript to bypass: TrustManagerImpl.verifyChain, OkHttp CertificatePinner.check, WebViewClient.onReceivedSslError.

run_objection_bypass(package_name) — Objection framework bypass

Runs android sslpinning disable via objection exploration mode.

check_proxy_setup() — Verify interception environment

Checks: Android proxy settings, system CA certificates, user-installed CA certs.

Pinning Strength Classification

Level Criteria
STRONG 3+ pinning implementations detected
MODERATE 1-2 implementations
NONE No pinning indicators found

Dependencies

pip install frida-tools objection

System: apktool, adb (Android Debug Bridge)