GitHub/JustTrustMe
1
0
Fork 0
mirror of https://github.com/Fuzion24/JustTrustMe.git synced 2026-03-27 07:09:46 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity

Compare commits

base: GitHub:master
Branches Tags
GitHub:master GitHub:flag_switch
GitHub:v.2
..
compare: GitHub:v.2
Branches Tags
GitHub:master GitHub:flag_switch
GitHub:v.2

2 Commits
master ... v.2

Author SHA1 Message Date
Ryan Welton
4c6a404aea Add bin/ to gitignore and start using tags/releases 2016-01-26 10:18:42 -05:00
Ryan Welton
42edde1359 Update build version 2016-01-26 10:18:42 -05:00
8 changed files with 224 additions and 448 deletions
Expand all files Collapse all files

13
License.md
View File

@@ -1,13 +0,0 @@
Copyright [ 2019 ] [ Ryan Welton ]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

10
Readme.md
View File

@@ -1,7 +1,7 @@
JustTrustMe
===========
An xposed module that disables SSL certificate checking. This is useful for auditing an application which does certificate pinning. There also exists a nice framework built by @moxie to aid in pinning certs in your app: [certificate pinning](https://github.com/moxie0/AndroidPinning).
An xposed module that disables SSL certificate checking. This is useful for auditing an appplication which does certificate pinning. You can read about the practice of cert pinning [here](https://viaforensics.com/resources/reports/best-practices-ios-android-secure-mobile-development/41-certificate-pinning/). There also exists a nice framework built by @moxie to aid in pinning certs in your app: [certificate pinning](https://github.com/moxie0/AndroidPinning).
An example of an application that does cert pinning is [Twitter](https://play.google.com/store/apps/details?id=com.twitter.android). If you would like to view the network traffic for this application, you must disable the certificate pinning.
@@ -14,14 +14,12 @@ You can download the xposed framework [here](http://repo.xposed.info/module/de.r
### Install from binary
The JustTrustMe binary can be downloaded from [https://github.com/Fuzion24/JustTrustMe/releases/latest](https://github.com/Fuzion24/JustTrustMe/releases/latest)
```
adb install ./JustTrustMe.apk
adb install ./bin/JustTrustMe.apk
```
or navigate here and download the APK on your phone:
[https://github.com/Fuzion24/JustTrustMe/releases/latest](https://github.com/Fuzion24/JustTrustMe/releases/latest)
[https://github.com/Fuzion24/JustTrustMe/blob/master/bin/JustTrustMe.apk?raw=true](https://github.com/Fuzion24/JustTrustMe/blob/master/bin/JustTrustMe.apk?raw=true)
### Build from Source

13
app/build.gradle
View File

@@ -1,13 +1,14 @@
apply plugin: 'com.android.application'
android {
compileSdkVersion 30
compileSdkVersion 22
buildToolsVersion '22.0.1'
defaultConfig {
applicationId 'just.trust.me'
minSdkVersion 16
targetSdkVersion 30
versionCode 3
versionName '.3'
targetSdkVersion 22
versionCode 2
versionName '.2'
}
buildTypes {
@@ -17,10 +18,8 @@ android {
}
productFlavors {
}
useLibrary 'org.apache.http.legacy'
}
dependencies {
compileOnly fileTree(dir: 'libs', include: ['*.jar'])
implementation 'org.apache.httpcomponents:httpcore:4.4.2'
provided fileTree(dir: 'libs', include: ['*.jar'])
}

605
app/src/main/java/just/trust/me/Main.java
View File

@@ -1,65 +1,56 @@
package just.trust.me;
import android.annotation.TargetApi;
import android.content.Context;
import android.net.http.SslError;
import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import android.util.Log;
import android.util.Pair;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
import java.security.SecureRandom;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.HostNameResolver;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.HttpParams;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
import static de.robv.android.xposed.XC_MethodReplacement.DO_NOTHING;
import static de.robv.android.xposed.XposedHelpers.callMethod;
import static de.robv.android.xposed.XposedHelpers.callStaticMethod;
import static de.robv.android.xposed.XposedHelpers.findAndHookConstructor;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import static de.robv.android.xposed.XposedHelpers.findClass;
import static de.robv.android.xposed.XposedHelpers.getObjectField;
import static de.robv.android.xposed.XposedHelpers.newInstance;
import static de.robv.android.xposed.XposedHelpers.setObjectField;
import static de.robv.android.xposed.XposedHelpers.findClass;
public class Main implements IXposedHookLoadPackage {
@@ -69,108 +60,95 @@ public class Main implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
currentPackageName = lpparam.packageName;
/* Apache Hooks */
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient() */
if (hasDefaultHTTPClient()) {
Log.d(TAG, "Hooking DefaultHTTPClient for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
setObjectField(param.thisObject, "defaultParams", null);
setObjectField(param.thisObject, "connManager", getSCCM());
}
});
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient(HttpParams params) */
Log.d(TAG, "Hooking DefaultHTTPClient(HttpParams) for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, HttpParams.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
setObjectField(param.thisObject, "defaultParams", (HttpParams) param.args[0]);
setObjectField(param.thisObject, "connManager", getSCCM());
}
});
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient(ClientConnectionManager conman, HttpParams params) */
Log.d(TAG, "Hooking DefaultHTTPClient(ClientConnectionManager, HttpParams) for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, ClientConnectionManager.class, HttpParams.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
HttpParams params = (HttpParams) param.args[1];
setObjectField(param.thisObject, "defaultParams", params);
setObjectField(param.thisObject, "connManager", getCCM(param.args[0], params));
}
});
}
findAndHookMethod(X509TrustManagerExtensions.class, "checkServerTrusted", X509Certificate[].class, String.class, String.class, new XC_MethodReplacement() {
Log.d(TAG, "Hooking DefaultHTTPClient for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, new XC_MethodHook() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return param.args[0];
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
setObjectField(param.thisObject, "defaultParams", null);
setObjectField(param.thisObject, "connManager", getSCCM());
}
});
findAndHookMethod("android.security.net.config.NetworkSecurityTrustManager", lpparam.classLoader, "checkPins", List.class, DO_NOTHING);
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient(HttpParams params) */
Log.d(TAG, "Hooking DefaultHTTPClient(HttpParams) for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, HttpParams.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
setObjectField(param.thisObject, "defaultParams", (HttpParams) param.args[0]);
setObjectField(param.thisObject, "connManager", getSCCM());
}
});
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient(ClientConnectionManager conman, HttpParams params) */
Log.d(TAG, "Hooking DefaultHTTPClient(ClientConnectionManager, HttpParams) for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, ClientConnectionManager.class, HttpParams.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
HttpParams params = (HttpParams) param.args[1];
setObjectField(param.thisObject, "defaultParams", params);
setObjectField(param.thisObject, "connManager", getCCM(param.args[0], params));
}
});
/* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */
/* public SSLSocketFactory( ... ) */
try {
Log.d(TAG, "Hooking SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName);
findAndHookConstructor(SSLSocketFactory.class, String.class, KeyStore.class, String.class, KeyStore.class,
SecureRandom.class, HostNameResolver.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
Log.d(TAG, "Hooking SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName);
findAndHookConstructor(SSLSocketFactory.class, String.class, KeyStore.class, String.class, KeyStore.class,
SecureRandom.class, HostNameResolver.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
String algorithm = (String) param.args[0];
KeyStore keystore = (KeyStore) param.args[1];
String keystorePassword = (String) param.args[2];
SecureRandom random = (SecureRandom) param.args[4];
String algorithm = (String) param.args[0];
KeyStore keystore = (KeyStore) param.args[1];
String keystorePassword = (String) param.args[2];
SecureRandom random = (SecureRandom) param.args[4];
KeyManager[] keymanagers = null;
TrustManager[] trustmanagers = null;
KeyManager[] keymanagers = null;
TrustManager[] trustmanagers = null;
if (keystore != null) {
keymanagers = (KeyManager[]) callStaticMethod(SSLSocketFactory.class, "createKeyManagers", keystore, keystorePassword);
}
trustmanagers = new TrustManager[]{getTrustManager()};
setObjectField(param.thisObject, "sslcontext", SSLContext.getInstance(algorithm));
callMethod(getObjectField(param.thisObject, "sslcontext"), "init", keymanagers, trustmanagers, random);
setObjectField(param.thisObject, "socketfactory",
callMethod(getObjectField(param.thisObject, "sslcontext"), "getSocketFactory"));
if (keystore != null) {
keymanagers = (KeyManager[]) callStaticMethod(SSLSocketFactory.class, "createKeyManagers", keystore, keystorePassword);
}
});
trustmanagers = new TrustManager[]{new ImSureItsLegitTrustManager()};
setObjectField(param.thisObject, "sslcontext", SSLContext.getInstance(algorithm));
callMethod(getObjectField(param.thisObject, "sslcontext"), "init", keymanagers, trustmanagers, random);
setObjectField(param.thisObject, "socketfactory",
callMethod(getObjectField(param.thisObject, "sslcontext"), "getSocketFactory"));
}
});
/* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */
/* public static SSLSocketFactory getSocketFactory() */
Log.d(TAG, "Hooking static SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName);
findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "getSocketFactory", new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return (SSLSocketFactory) newInstance(SSLSocketFactory.class);
}
});
} catch (NoClassDefFoundError e) {
Log.d(TAG, "NoClassDefFoundError SSLSocketFactory HostNameResolver for: " + currentPackageName);
}
/* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */
/* public static SSLSocketFactory getSocketFactory() */
Log.d(TAG, "Hooking static SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName);
findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "getSocketFactory", new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return (SSLSocketFactory) newInstance(SSLSocketFactory.class);
}
});
/* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */
/* public boolean isSecure(Socket) */
Log.d(TAG, "Hooking SSLSocketFactory(Socket) for: " + currentPackageName);
findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "isSecure", Socket.class, DO_NOTHING);
findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "isSecure", Socket.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return true;
}
});
/* JSSE Hooks */
/* libcore/luni/src/main/java/javax/net/ssl/TrustManagerFactory.java */
@@ -183,12 +161,12 @@ public class Main implements IXposedHookLoadPackage {
if (hasTrustManagerImpl()) {
Class<?> cls = findClass("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader);
TrustManager[] managers = (TrustManager[]) param.getResult();
if (managers.length > 0 && cls.isInstance(managers[0]))
TrustManager[] managers = (TrustManager[])param.getResult();
if(managers.length > 0 && cls.isInstance(managers[0]))
return;
}
param.setResult(new TrustManager[]{getTrustManager()});
param.setResult(new TrustManager[]{new ImSureItsLegitTrustManager()});
}
});
@@ -196,17 +174,34 @@ public class Main implements IXposedHookLoadPackage {
/* public void setDefaultHostnameVerifier(HostnameVerifier) */
Log.d(TAG, "Hooking HttpsURLConnection.setDefaultHostnameVerifier for: " + currentPackageName);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setDefaultHostnameVerifier",
HostnameVerifier.class, DO_NOTHING);
HostnameVerifier.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
/* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */
/* public void setSSLSocketFactory(SSLSocketFactory) */
Log.d(TAG, "Hooking HttpsURLConnection.setSSLSocketFactory for: " + currentPackageName);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setSSLSocketFactory", javax.net.ssl.SSLSocketFactory.class, DO_NOTHING);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setSSLSocketFactory", javax.net.ssl.SSLSocketFactory.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
/* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */
/* public void setHostnameVerifier(HostNameVerifier) */
Log.d(TAG, "Hooking HttpsURLConnection.setHostnameVerifier for: " + currentPackageName);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setHostnameVerifier", HostnameVerifier.class, DO_NOTHING);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setHostnameVerifier", HostnameVerifier.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
/* WebView Hooks */
@@ -215,115 +210,58 @@ public class Main implements IXposedHookLoadPackage {
Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, SslErrorHandler, SslError) for: " + currentPackageName);
findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedSslError",
WebView.class, SslErrorHandler.class, SslError.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
((android.webkit.SslErrorHandler) param.args[1]).proceed();
return null;
}
});
WebView.class, SslErrorHandler.class, SslError.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
((android.webkit.SslErrorHandler)param.args[1]).proceed();
return null;
}
});
/* frameworks/base/core/java/android/webkit/WebViewClient.java */
/* public void onReceivedError(WebView, int, String, String) */
Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, int, string, string) for: " + currentPackageName);
findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedError",
WebView.class, int.class, String.class, String.class, DO_NOTHING);
//SSLContext.init >> (null,ImSureItsLegitTrustManager,null)
findAndHookMethod("javax.net.ssl.SSLContext", lpparam.classLoader, "init", KeyManager[].class, TrustManager[].class, SecureRandom.class, new XC_MethodHook() {
WebView.class, int.class, String.class, String.class, new XC_MethodReplacement() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
param.args[0] = null;
param.args[1] = new TrustManager[]{getTrustManager()};
param.args[2] = null;
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
// Multi-dex support: https://github.com/rovo89/XposedBridge/issues/30#issuecomment-68486449
findAndHookMethod("android.app.Application",
lpparam.classLoader,
"attach",
Context.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// Hook OkHttp or third party libraries.
Context context = (Context) param.args[0];
processOkHttp(context.getClassLoader());
processHttpClientAndroidLib(context.getClassLoader());
processXutils(context.getClassLoader());
}
lpparam.classLoader,
"attach",
Context.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// Hook OkHttp or third party libraries.
Context context = (Context) param.args[0];
processOkHttp(context.getClassLoader());
}
}
);
/* Only for newer devices should we try to hook TrustManagerImpl */
if (hasTrustManagerImpl()) {
/* TrustManagerImpl Hooks */
/* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java */
Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl for: " + currentPackageName);
/* public void checkServerTrusted(X509Certificate[] chain, String authType) */
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader,
"checkServerTrusted", X509Certificate[].class, String.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return 0;
}
});
/* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java#217 */
/* public List<X509Certificate> checkServerTrusted(X509Certificate[] chain,
String authType, String host) throws CertificateException */
Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(X509Certificate[]) for: " + currentPackageName);
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader,
"checkServerTrusted", X509Certificate[].class, String.class,
String.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
/* public List<X509Certificate> checkServerTrusted(X509Certificate[] chain,
String authType, SSLSession session) throws CertificateException */
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader,
"checkServerTrusted", X509Certificate[].class, String.class,
SSLSession.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
try {
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, String.class, SSLSession.class, SSLParameters.class, boolean.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, byte[].class, byte[].class, String.class, String.class, boolean.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
} catch (NoSuchMethodError e) {
}
"checkServerTrusted", X509Certificate[].class, String.class,
String.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
}
} // End Hooks
/* Helpers */
@@ -332,31 +270,12 @@ public class Main implements IXposedHookLoadPackage {
try {
Class.forName("com.android.org.conscrypt.TrustManagerImpl");
} catch (ClassNotFoundException e) {
} catch(ClassNotFoundException e) {
return false;
}
return true;
}
public boolean hasDefaultHTTPClient() {
try {
Class.forName("org.apache.http.impl.client.DefaultHttpClient");
} catch (ClassNotFoundException e) {
return false;
}
return true;
}
private javax.net.ssl.SSLSocketFactory getEmptySSLFactory() {
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{getTrustManager()}, null);
return sslContext.getSocketFactory();
} catch (NoSuchAlgorithmException | KeyManagementException e) {
return null;
}
}
//Create a SingleClientConnManager that trusts everyone!
public ClientConnectionManager getSCCM() {
@@ -382,8 +301,8 @@ public class Main implements IXposedHookLoadPackage {
}
}
//This function creates a ThreadSafeClientConnManager that trusts everyone!
public ClientConnectionManager getTSCCM(HttpParams params) {
//This function creates a ThreadSafeClientConnManager that trusts everyone!
public ClientConnectionManager getTSCCM(HttpParams params) {
KeyStore trustStore;
try {
@@ -414,36 +333,14 @@ public class Main implements IXposedHookLoadPackage {
if (className.equals("SingleClientConnManager")) {
return getSCCM();
} else if (className.equals("ThreadSafeClientConnManager")) {
}
else if (className.equals("ThreadSafeClientConnManager")) {
return getTSCCM(params);
}
return null;
}
private void processXutils(ClassLoader classLoader) {
Log.d(TAG, "Hooking org.xutils.http.RequestParams.setSslSocketFactory(SSLSocketFactory) (3) for: " + currentPackageName);
try {
classLoader.loadClass("org.xutils.http.RequestParams");
findAndHookMethod("org.xutils.http.RequestParams", classLoader, "setSslSocketFactory", javax.net.ssl.SSLSocketFactory.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
param.args[0] = getEmptySSLFactory();
}
});
findAndHookMethod("org.xutils.http.RequestParams", classLoader, "setHostnameVerifier", HostnameVerifier.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
param.args[0] = new ImSureItsLegitHostnameVerifier();
}
});
} catch (Exception e) {
Log.d(TAG, "org.xutils.http.RequestParams not found in " + currentPackageName + "-- not hooking");
}
}
void processOkHttp(ClassLoader classLoader) {
/* hooking OKHTTP by SQUAREUP */
/* com/squareup/okhttp/CertificatePinner.java available online @ https://github.com/square/okhttp/blob/master/okhttp/src/main/java/com/squareup/okhttp/CertificatePinner.java */
@@ -455,19 +352,19 @@ public class Main implements IXposedHookLoadPackage {
try {
classLoader.loadClass("com.squareup.okhttp.CertificatePinner");
findAndHookMethod("com.squareup.okhttp.CertificatePinner",
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch (ClassNotFoundException e) {
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch(ClassNotFoundException e) {
// pass
Log.d(TAG, "OKHTTP 2.5 not found in " + currentPackageName + "-- not hooking");
Log.d(TAG, "OKHTTP 2.5 not found in " + currentPackageName + "-- not hooking");
}
//https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/CertificatePinner.java#L144
@@ -476,12 +373,17 @@ public class Main implements IXposedHookLoadPackage {
try {
classLoader.loadClass("okhttp3.CertificatePinner");
findAndHookMethod("okhttp3.CertificatePinner",
classLoader,
"check",
String.class,
List.class,
DO_NOTHING);
} catch (ClassNotFoundException e) {
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return null;
}
});
} catch(ClassNotFoundException e) {
Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking");
// pass
}
@@ -490,17 +392,17 @@ public class Main implements IXposedHookLoadPackage {
try {
classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier");
findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier",
classLoader,
"verify",
String.class,
javax.net.ssl.SSLSession.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch (ClassNotFoundException e) {
classLoader,
"verify",
String.class,
javax.net.ssl.SSLSession.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch(ClassNotFoundException e) {
Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, SSLSession)");
// pass
}
@@ -509,149 +411,40 @@ public class Main implements IXposedHookLoadPackage {
try {
classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier");
findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier",
classLoader,
"verify",
String.class,
java.security.cert.X509Certificate.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch (ClassNotFoundException e) {
classLoader,
"verify",
String.class,
java.security.cert.X509Certificate.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch(ClassNotFoundException e) {
Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, X509)(");
// pass
}
//https://github.com/square/okhttp/blob/okhttp_4.2.x/okhttp/src/main/java/okhttp3/CertificatePinner.kt
Log.d(TAG, "Hooking okhttp3.CertificatePinner.check(String,List) (4.2.0+) for: " + currentPackageName);
try {
classLoader.loadClass("okhttp3.CertificatePinner");
findAndHookMethod("okhttp3.CertificatePinner",
classLoader,
"check$okhttp",
String.class,
"kotlin.jvm.functions.Function0",
DO_NOTHING);
} catch (XposedHelpers.ClassNotFoundError | ClassNotFoundException | NoSuchMethodError e) {
Log.d(TAG, "OKHTTP 4.2.0+ (check$okhttp) not found in " + currentPackageName + " -- not hooking");
// pass
}
try {
classLoader.loadClass("okhttp3.CertificatePinner");
findAndHookMethod("okhttp3.CertificatePinner",
classLoader,
"check",
String.class,
List.class,
DO_NOTHING);
} catch (XposedHelpers.ClassNotFoundError | ClassNotFoundException | NoSuchMethodError e) {
Log.d(TAG, "OKHTTP 4.2.0+ (check) not found in " + currentPackageName + " -- not hooking");
// pass
}
}
void processHttpClientAndroidLib(ClassLoader classLoader) {
/* httpclientandroidlib Hooks */
/* public final void verify(String host, String[] cns, String[] subjectAlts, boolean strictWithSubDomains) throws SSLException */
Log.d(TAG, "Hooking AbstractVerifier.verify(String, String[], String[], boolean) for: " + currentPackageName);
try {
classLoader.loadClass("ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier");
findAndHookMethod("ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier", classLoader, "verify",
String.class, String[].class, String[].class, boolean.class,
DO_NOTHING);
} catch (ClassNotFoundException e) {
// pass
Log.d(TAG, "httpclientandroidlib not found in " + currentPackageName + "-- not hooking");
}
}
@TargetApi(Build.VERSION_CODES.N)
private class ImSureItsLegitExtendedTrustManager extends X509ExtendedTrustManager {
class ImSureItsLegitTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
}
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
private class ImSureItsLegitTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
private X509TrustManager getTrustManager() {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
return new ImSureItsLegitExtendedTrustManager();
} else {
return new ImSureItsLegitTrustManager();
}
}
private class ImSureItsLegitHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
/* This class creates a SSLSocket that trusts everyone. */
public class TrustAllSSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public TrustAllSSLSocketFactory(KeyStore truststore) throws
NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
@@ -667,7 +460,7 @@ public class Main implements IXposedHookLoadPackage {
}
};
sslContext.init(null, new TrustManager[]{tm}, null);
sslContext.init(null, new TrustManager[] { tm }, null);
}
@Override

8
build.gradle
View File

@@ -2,11 +2,10 @@
buildscript {
repositories {
google()
jcenter()
jcenter()
}
dependencies {
classpath 'com.android.tools.build:gradle:7.2.1'
classpath 'com.android.tools.build:gradle:1.5.0'
// NOTE: Do not place your application dependencies here; they belong
// in the individual module build.gradle files
@@ -15,7 +14,6 @@ buildscript {
allprojects {
repositories {
google()
jcenter()
jcenter()
}
}

1
build.sh
View File

@@ -1,5 +1,4 @@
APK_PATH="bin/JustTrustMe.apk"
mkdir bin
./gradlew assembleRelease && cp app/build/outputs/apk/app-release-unsigned.apk $APK_PATH && signapk $APK_PATH
#adb install -r bin/AndroidVTS.apk

19
gradle.properties
View File

@@ -1,17 +1,18 @@
## Project-wide Gradle settings.
#
# Project-wide Gradle settings.
# IDE (e.g. Android Studio) users:
# Settings specified in this file will override any Gradle settings
# configured through the IDE.
# For more details on how to configure your build environment visit
# http://www.gradle.org/docs/current/userguide/build_environment.html
#
# Specifies the JVM arguments used for the daemon process.
# The setting is particularly useful for tweaking memory settings.
# Default value: -Xmx1024m -XX:MaxPermSize=256m
# Default value: -Xmx10248m -XX:MaxPermSize=256m
# org.gradle.jvmargs=-Xmx2048m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
#
# When configured, Gradle will run in incubating parallel mode.
# This option should only be used with decoupled projects. More details, visit
# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
# org.gradle.parallel=true
#Mon Jun 26 14:34:35 CST 2017
#systemProp.http.proxyHost=127.0.0.1
#systemProp.http.proxyPort=1080
# org.gradle.parallel=true

3
gradle/wrapper/gradle-wrapper.properties vendored
View File

@@ -1,5 +1,6 @@
#Tue Dec 16 21:30:06 EST 2014
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-all.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-2.2.1-all.zip