disable-flutter-tls-verification
A Frida script that disables Flutter's TLS verification
This script works on Android x86, Android x64 and iOS x64. It uses pattern matching to find ssl_verify_peer_cert in handshake.cc
You can use it via Frida by downloading disable-flutter-tls.js or by using Frida codeshare:
frida -U -f your.package.name -l disable-flutter-tls.js --no-pause
# or Frida codeshare
frida -U --codeshare TheDauntless/disable-flutter-tls-v1 -f YOUR_BINARY
Further information can be found in this blogpost.
⚠️ What if this script doesn't work?
Before creating a GitHub issue, please test the following steps:
- Can you intercept HTTP requests from the demo application?
- If not, note that Flutter apps do not use the system's proxy settings by default. This means you should use Proxydroid on Android and OpenVPN on iOS (or a rogue rogue access point on both). On the Android Studio AVDs, you can use
-http-proxy
when launching the emulator.
- If not, note that Flutter apps do not use the system's proxy settings by default. This means you should use Proxydroid on Android and OpenVPN on iOS (or a rogue rogue access point on both). On the Android Studio AVDs, you can use
- Can you intercept HTTPS requests from the demo application?
- Have you checked if your app's flutter library is inside the libflutter_samples directory?
- For Android: run
apktool d <YOURAPK>
and runmd5sum
onlibs/<ARCH>/libflutter.so
- For iOS: Extract an unencrypted IPA, unzip it and run
md5sum
onPayload/Runner.app/Frameworks/Flutter.framework/Flutter
- Alternatively, copy
libflutter.so
orFlutter
to the correct folder inlibflutter_samples
and runpython3 verify.py
- For Android: run
If you can succesfully intercept all requests from the demo app and your library is not included in the samples, please open a GitHub issue with the app in question. It is possible that the app is using additional SSL pinning plugins, so a combination of this plugin and objection / other Frida scripts may be necessary. This is outside of the scope of this project and you will have to RE yourself to identify additional pinning protections.