A Frida script that disables Flutter's TLS verification
This script works on Android x86, Android x64 and iOS x64. It uses pattern matching to find ssl_verify_peer_cert in handshake.cc
You can use it via Frida by downloading disable-flutter-tls.js or by using Frida codeshare:
frida -U -f your.package.name -l disable-flutter-tls.js --no-pause
# or Frida codeshare
frida -U --codeshare TheDauntless/disable-flutter-tls-v1 -f YOUR_BINARYFurther information can be found in this blogpost.
Before creating a GitHub issue, please test the following steps:
- Can you intercept HTTP requests from the demo application?
- If not, note that Flutter apps do not use the system's proxy settings by default. This means you should use Proxydroid on Android and OpenVPN on iOS (or a rogue rogue access point on both). On the Android Studio AVDs, you can use
-http-proxywhen launching the emulator.
- If not, note that Flutter apps do not use the system's proxy settings by default. This means you should use Proxydroid on Android and OpenVPN on iOS (or a rogue rogue access point on both). On the Android Studio AVDs, you can use
- Can you intercept HTTPS requests from the demo application?
- Have you checked if your app's flutter library is inside the libflutter_samples directory?
- For Android: run
apktool d <YOURAPK>and runmd5sumonlibs/<ARCH>/libflutter.so - For iOS: Extract an unencrypted IPA, unzip it and run
md5sumonPayload/Runner.app/Frameworks/Flutter.framework/Flutter - Alternatively, copy
libflutter.soorFlutterto the correct folder inlibflutter_samplesand runpython3 verify.py
- For Android: run
If you can succesfully intercept all requests from the demo app and your library is not included in the samples, please open a GitHub issue with the app in question. It is possible that the app is using additional SSL pinning plugins, so a combination of this plugin and objection / other Frida scripts may be necessary. This is outside of the scope of this project and you will have to RE yourself to identify additional pinning protections.
