GitHub/JustTrustMe
1
0
Fork 0
mirror of https://github.com/Fuzion24/JustTrustMe.git synced 2026-03-24 06:39:45 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity

Compare commits

base: GitHub:v.2
Branches Tags
GitHub:master GitHub:flag_switch
GitHub:v.2
...
compare: GitHub:master
Branches Tags
GitHub:master GitHub:flag_switch
GitHub:v.2

36 Commits
v.2 ... master

Author SHA1 Message Date
Ryan Welton
35efd07e93 Merge pull request #71 from xxxxxliil/patch-1 
chore: comment proxy config
 2024-09-02 15:03:26 -04:00
行旅途
cccf6e95d8 chore: comment proxy config 
This is an infrequently used configuration introduced from commit ad5c3dd, which can lead to unknowingly troubleshooting non-existent network problems all the time.
 2024-07-16 23:01:33 +08:00
Ryan Welton
744fc1f69e Merge pull request #70 from kiber-io/master 
Support X509ExtendedTrustManager for sdk >= 24
 2024-04-11 20:56:40 -04:00
kiber.io
3a523b8453 Support X509ExtendedTrustManager for sdk >= 24 2024-03-19 15:09:07 +03:00
Ryan Welton
861c5faffe Merge pull request #60 from kasnder/master 
Handle various errors on Android 7 and 11
 2022-05-29 16:14:15 -04:00
Konrad Kollnig
78a4fd5084 Update gradle 2022-05-27 18:12:10 +01:00
Konrad Kollnig
8fd3bb8917 Merge pull request #1 from tenwx/master 
support java11 sdk30 compile
 2021-09-07 13:46:04 +02:00
tenwx
f010b76d8f support java11 sdk30 compile 2021-09-03 19:47:22 +08:00
Konrad Kollnig
8cff1ae551 Merge changes of #59 2021-05-22 11:21:46 +02:00
Konrad Kollnig
b13d28e00c Fix OKHTTP 4.2.0+ 2021-05-22 11:05:29 +02:00
Konrad Kollnig
266dbb8144 Cleanup 2021-05-22 11:05:19 +02:00
Konrad Kollnig
9623835abb Handle various errors on Android 7 and 11 2021-05-11 18:12:06 +02:00
Ryan Welton
152557dac1 Merge pull request #55 from MagicWizz/patch-1 
Add other function to bypass
 2020-12-07 20:25:40 -05:00
MagicWizz
f0aaebff62 Add other function to bypass 
These function aren't currently hooked by JustTrustMe, but they are used in some applications.
 2020-10-08 01:29:42 +02:00
Ryan Welton
dc1c1a4ffe Merge pull request #54 from Curz0n/master 
Add support for OkHttp4.2.0+
 2020-08-17 22:32:45 -04:00
Curz0n
61de032932 Add support for OkHttp4.2.0+ 2020-08-15 16:21:15 +08:00
Ryan Welton
01f277f66c Add License 2019-06-10 17:06:17 -04:00
Ryan Welton
8b527ef995 Change target sdk 2019-06-10 17:06:17 -04:00
Ryan Welton
97df9d6c9c Updates 2019-06-10 17:06:17 -04:00
Ryan Welton
99c925ee3d Merge pull request #43 from AndreyPesnyak/master 
add checkServerTrusted(X509Certificate[], String, String, String) method
 2019-04-18 14:24:34 -04:00
apesnyak
87e0ca5a77 add checkServerTrusted(X509Certificate[], String, String, String) method 2019-01-11 12:59:09 +07:00
Ryan Welton
08e196d5be Merge pull request #30 from Qrilee/master 
add support for sslContext & xUtils3
 2018-04-15 12:02:57 -04:00
Ryan Welton
e10f34cf1b Update Readme.md 2018-04-05 18:04:50 -04:00
Ryan Welton
6da0775ee0 Merge pull request #36 from abreksa4/patch-1 
fix typo in project README.md
 2018-02-11 21:18:09 -05:00
Andrew Breksa
38c875c055 fix typo in project README.md 2018-02-09 08:38:33 -08:00
qtfreet00
ad5c3ddd12 add support for sslContext & xUtils3 2017-06-26 14:37:35 +08:00
Ryan Welton
31ea86e52c Merge pull request #28 from jakev/better_trustmanager 
Better trustmanager
 2017-06-19 19:17:28 -04:00
Jake Valletta
e9bbd648b6 Updated TrustManagerImpl Support 
The previous versions were only hooking 1 of 3 methods used to
perform server certificate checks. This commit adds the remaining
2 methods.
 2017-06-19 13:40:37 -07:00
Jake Valletta
40594e973a Updated gradle build versions 2017-06-19 13:40:23 -07:00
Ryan Welton
4bbd1867e0 Merge pull request #22 from SG57/master 
httpclientandroidlib Certificate Pinning Bypass
 2016-09-06 16:14:30 -04:00
Cord Rehn
f1b2fd46ab Updated version 2016-09-04 12:38:27 -07:00
Cord Rehn
d1761cadca Added certificate pinning bypass support for httpclientandroidlib 2016-09-04 12:38:17 -07:00
Ryan Welton
542f511ab8 Add bin/ to gitignore and start using tags/releases 2016-01-26 10:36:25 -05:00
Ryan Welton
8eebb39669 Update build version 2016-01-26 10:36:25 -05:00
Ryan Welton
8b5e82c1c0 Update Readme.md 2016-01-26 10:36:10 -05:00
Ryan Welton
5c33b20160 Change readme to point to github releases 2016-01-26 10:35:35 -05:00
10 changed files with 451 additions and 226 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,4 +1,5 @@
*.iml
/bin/
app/build/
app/src/main/bin/
app/src/main/gen/

13
License.md Normal file
View File

@@ -0,0 +1,13 @@
Copyright [ 2019 ] [ Ryan Welton ]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

14
Readme.md
View File

@@ -1,7 +1,7 @@
JustTrustMe
===========
An xposed module that disables SSL certificate checking. This is useful for auditing an appplication which does certificate pinning. You can read about the practice of cert pinning [here](https://viaforensics.com/resources/reports/best-practices-ios-android-secure-mobile-development/41-certificate-pinning/). There also exists a nice framework built by @moxie to aid in pinning certs in your app: [certificate pinning](https://github.com/moxie0/AndroidPinning).
An xposed module that disables SSL certificate checking. This is useful for auditing an application which does certificate pinning. There also exists a nice framework built by @moxie to aid in pinning certs in your app: [certificate pinning](https://github.com/moxie0/AndroidPinning).
An example of an application that does cert pinning is [Twitter](https://play.google.com/store/apps/details?id=com.twitter.android). If you would like to view the network traffic for this application, you must disable the certificate pinning.
@@ -14,12 +14,14 @@ You can download the xposed framework [here](http://repo.xposed.info/module/de.r
### Install from binary
```
adb install ./bin/JustTrustMe.apk
```
or navigate here and download the APK on your phone:
The JustTrustMe binary can be downloaded from [https://github.com/Fuzion24/JustTrustMe/releases/latest](https://github.com/Fuzion24/JustTrustMe/releases/latest)
[https://github.com/Fuzion24/JustTrustMe/blob/master/bin/JustTrustMe.apk?raw=true](https://github.com/Fuzion24/JustTrustMe/blob/master/bin/JustTrustMe.apk?raw=true)
```
adb install ./JustTrustMe.apk
```
or navigate here and download the APK on your phone:
[https://github.com/Fuzion24/JustTrustMe/releases/latest](https://github.com/Fuzion24/JustTrustMe/releases/latest)
### Build from Source

13
app/build.gradle
View File

@@ -1,14 +1,13 @@
apply plugin: 'com.android.application'
android {
compileSdkVersion 22
buildToolsVersion '22.0.1'
compileSdkVersion 30
defaultConfig {
applicationId 'just.trust.me'
minSdkVersion 16
targetSdkVersion 22
versionCode 1
versionName '1.0'
targetSdkVersion 30
versionCode 3
versionName '.3'
}
buildTypes {
@@ -18,8 +17,10 @@ android {
}
productFlavors {
}
useLibrary 'org.apache.http.legacy'
}
dependencies {
provided fileTree(dir: 'libs', include: ['*.jar'])
compileOnly fileTree(dir: 'libs', include: ['*.jar'])
implementation 'org.apache.httpcomponents:httpcore:4.4.2'
}

605
app/src/main/java/just/trust/me/Main.java
View File

@@ -1,56 +1,65 @@
package just.trust.me;
import android.annotation.TargetApi;
import android.content.Context;
import android.net.http.SslError;
import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import android.util.Log;
import android.util.Pair;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
import java.security.SecureRandom;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.HostNameResolver;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.HttpParams;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XC_MethodReplacement;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;
import static de.robv.android.xposed.XC_MethodReplacement.DO_NOTHING;
import static de.robv.android.xposed.XposedHelpers.callMethod;
import static de.robv.android.xposed.XposedHelpers.callStaticMethod;
import static de.robv.android.xposed.XposedHelpers.findAndHookConstructor;
import static de.robv.android.xposed.XposedHelpers.findAndHookMethod;
import static de.robv.android.xposed.XposedHelpers.findClass;
import static de.robv.android.xposed.XposedHelpers.getObjectField;
import static de.robv.android.xposed.XposedHelpers.newInstance;
import static de.robv.android.xposed.XposedHelpers.setObjectField;
import static de.robv.android.xposed.XposedHelpers.findClass;
public class Main implements IXposedHookLoadPackage {
@@ -60,95 +69,108 @@ public class Main implements IXposedHookLoadPackage {
public void handleLoadPackage(final LoadPackageParam lpparam) throws Throwable {
currentPackageName = lpparam.packageName;
/* Apache Hooks */
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient() */
Log.d(TAG, "Hooking DefaultHTTPClient for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
if (hasDefaultHTTPClient()) {
Log.d(TAG, "Hooking DefaultHTTPClient for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
setObjectField(param.thisObject, "defaultParams", null);
setObjectField(param.thisObject, "connManager", getSCCM());
setObjectField(param.thisObject, "defaultParams", null);
setObjectField(param.thisObject, "connManager", getSCCM());
}
});
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient(HttpParams params) */
Log.d(TAG, "Hooking DefaultHTTPClient(HttpParams) for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, HttpParams.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
setObjectField(param.thisObject, "defaultParams", (HttpParams) param.args[0]);
setObjectField(param.thisObject, "connManager", getSCCM());
}
});
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient(ClientConnectionManager conman, HttpParams params) */
Log.d(TAG, "Hooking DefaultHTTPClient(ClientConnectionManager, HttpParams) for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, ClientConnectionManager.class, HttpParams.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
HttpParams params = (HttpParams) param.args[1];
setObjectField(param.thisObject, "defaultParams", params);
setObjectField(param.thisObject, "connManager", getCCM(param.args[0], params));
}
});
}
findAndHookMethod(X509TrustManagerExtensions.class, "checkServerTrusted", X509Certificate[].class, String.class, String.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return param.args[0];
}
});
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient(HttpParams params) */
Log.d(TAG, "Hooking DefaultHTTPClient(HttpParams) for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, HttpParams.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
setObjectField(param.thisObject, "defaultParams", (HttpParams) param.args[0]);
setObjectField(param.thisObject, "connManager", getSCCM());
}
});
/* external/apache-http/src/org/apache/http/impl/client/DefaultHttpClient.java */
/* public DefaultHttpClient(ClientConnectionManager conman, HttpParams params) */
Log.d(TAG, "Hooking DefaultHTTPClient(ClientConnectionManager, HttpParams) for: " + currentPackageName);
findAndHookConstructor(DefaultHttpClient.class, ClientConnectionManager.class, HttpParams.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
HttpParams params = (HttpParams) param.args[1];
setObjectField(param.thisObject, "defaultParams", params);
setObjectField(param.thisObject, "connManager", getCCM(param.args[0], params));
}
});
findAndHookMethod("android.security.net.config.NetworkSecurityTrustManager", lpparam.classLoader, "checkPins", List.class, DO_NOTHING);
/* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */
/* public SSLSocketFactory( ... ) */
Log.d(TAG, "Hooking SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName);
findAndHookConstructor(SSLSocketFactory.class, String.class, KeyStore.class, String.class, KeyStore.class,
SecureRandom.class, HostNameResolver.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
try {
Log.d(TAG, "Hooking SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName);
findAndHookConstructor(SSLSocketFactory.class, String.class, KeyStore.class, String.class, KeyStore.class,
SecureRandom.class, HostNameResolver.class, new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
String algorithm = (String) param.args[0];
KeyStore keystore = (KeyStore) param.args[1];
String keystorePassword = (String) param.args[2];
SecureRandom random = (SecureRandom) param.args[4];
String algorithm = (String) param.args[0];
KeyStore keystore = (KeyStore) param.args[1];
String keystorePassword = (String) param.args[2];
SecureRandom random = (SecureRandom) param.args[4];
KeyManager[] keymanagers = null;
TrustManager[] trustmanagers = null;
KeyManager[] keymanagers = null;
TrustManager[] trustmanagers = null;
if (keystore != null) {
keymanagers = (KeyManager[]) callStaticMethod(SSLSocketFactory.class, "createKeyManagers", keystore, keystorePassword);
if (keystore != null) {
keymanagers = (KeyManager[]) callStaticMethod(SSLSocketFactory.class, "createKeyManagers", keystore, keystorePassword);
}
trustmanagers = new TrustManager[]{getTrustManager()};
setObjectField(param.thisObject, "sslcontext", SSLContext.getInstance(algorithm));
callMethod(getObjectField(param.thisObject, "sslcontext"), "init", keymanagers, trustmanagers, random);
setObjectField(param.thisObject, "socketfactory",
callMethod(getObjectField(param.thisObject, "sslcontext"), "getSocketFactory"));
}
trustmanagers = new TrustManager[]{new ImSureItsLegitTrustManager()};
setObjectField(param.thisObject, "sslcontext", SSLContext.getInstance(algorithm));
callMethod(getObjectField(param.thisObject, "sslcontext"), "init", keymanagers, trustmanagers, random);
setObjectField(param.thisObject, "socketfactory",
callMethod(getObjectField(param.thisObject, "sslcontext"), "getSocketFactory"));
}
});
});
/* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */
/* public static SSLSocketFactory getSocketFactory() */
Log.d(TAG, "Hooking static SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName);
findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "getSocketFactory", new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return (SSLSocketFactory) newInstance(SSLSocketFactory.class);
}
});
/* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */
/* public static SSLSocketFactory getSocketFactory() */
Log.d(TAG, "Hooking static SSLSocketFactory(String, KeyStore, String, KeyStore) for: " + currentPackageName);
findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "getSocketFactory", new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return (SSLSocketFactory) newInstance(SSLSocketFactory.class);
}
});
} catch (NoClassDefFoundError e) {
Log.d(TAG, "NoClassDefFoundError SSLSocketFactory HostNameResolver for: " + currentPackageName);
}
/* external/apache-http/src/org/apache/http/conn/ssl/SSLSocketFactory.java */
/* public boolean isSecure(Socket) */
Log.d(TAG, "Hooking SSLSocketFactory(Socket) for: " + currentPackageName);
findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "isSecure", Socket.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return true;
}
});
findAndHookMethod("org.apache.http.conn.ssl.SSLSocketFactory", lpparam.classLoader, "isSecure", Socket.class, DO_NOTHING);
/* JSSE Hooks */
/* libcore/luni/src/main/java/javax/net/ssl/TrustManagerFactory.java */
@@ -161,12 +183,12 @@ public class Main implements IXposedHookLoadPackage {
if (hasTrustManagerImpl()) {
Class<?> cls = findClass("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader);
TrustManager[] managers = (TrustManager[])param.getResult();
if(managers.length > 0 && cls.isInstance(managers[0]))
TrustManager[] managers = (TrustManager[]) param.getResult();
if (managers.length > 0 && cls.isInstance(managers[0]))
return;
}
param.setResult(new TrustManager[]{new ImSureItsLegitTrustManager()});
param.setResult(new TrustManager[]{getTrustManager()});
}
});
@@ -174,34 +196,17 @@ public class Main implements IXposedHookLoadPackage {
/* public void setDefaultHostnameVerifier(HostnameVerifier) */
Log.d(TAG, "Hooking HttpsURLConnection.setDefaultHostnameVerifier for: " + currentPackageName);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setDefaultHostnameVerifier",
HostnameVerifier.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
HostnameVerifier.class, DO_NOTHING);
/* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */
/* public void setSSLSocketFactory(SSLSocketFactory) */
Log.d(TAG, "Hooking HttpsURLConnection.setSSLSocketFactory for: " + currentPackageName);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setSSLSocketFactory", javax.net.ssl.SSLSocketFactory.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setSSLSocketFactory", javax.net.ssl.SSLSocketFactory.class, DO_NOTHING);
/* libcore/luni/src/main/java/javax/net/ssl/HttpsURLConnection.java */
/* public void setHostnameVerifier(HostNameVerifier) */
Log.d(TAG, "Hooking HttpsURLConnection.setHostnameVerifier for: " + currentPackageName);
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setHostnameVerifier", HostnameVerifier.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
}
});
findAndHookMethod("javax.net.ssl.HttpsURLConnection", lpparam.classLoader, "setHostnameVerifier", HostnameVerifier.class, DO_NOTHING);
/* WebView Hooks */
@@ -210,58 +215,115 @@ public class Main implements IXposedHookLoadPackage {
Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, SslErrorHandler, SslError) for: " + currentPackageName);
findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedSslError",
WebView.class, SslErrorHandler.class, SslError.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
((android.webkit.SslErrorHandler)param.args[1]).proceed();
return null;
}
});
WebView.class, SslErrorHandler.class, SslError.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
((android.webkit.SslErrorHandler) param.args[1]).proceed();
return null;
}
});
/* frameworks/base/core/java/android/webkit/WebViewClient.java */
/* public void onReceivedError(WebView, int, String, String) */
Log.d(TAG, "Hooking WebViewClient.onReceivedSslError(WebView, int, string, string) for: " + currentPackageName);
findAndHookMethod("android.webkit.WebViewClient", lpparam.classLoader, "onReceivedError",
WebView.class, int.class, String.class, String.class, new XC_MethodReplacement() {
WebView.class, int.class, String.class, String.class, DO_NOTHING);
//SSLContext.init >> (null,ImSureItsLegitTrustManager,null)
findAndHookMethod("javax.net.ssl.SSLContext", lpparam.classLoader, "init", KeyManager[].class, TrustManager[].class, SecureRandom.class, new XC_MethodHook() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return null;
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
param.args[0] = null;
param.args[1] = new TrustManager[]{getTrustManager()};
param.args[2] = null;
}
});
// Multi-dex support: https://github.com/rovo89/XposedBridge/issues/30#issuecomment-68486449
findAndHookMethod("android.app.Application",
lpparam.classLoader,
"attach",
Context.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// Hook OkHttp or third party libraries.
Context context = (Context) param.args[0];
processOkHttp(context.getClassLoader());
lpparam.classLoader,
"attach",
Context.class,
new XC_MethodHook() {
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
// Hook OkHttp or third party libraries.
Context context = (Context) param.args[0];
processOkHttp(context.getClassLoader());
processHttpClientAndroidLib(context.getClassLoader());
processXutils(context.getClassLoader());
}
}
}
);
/* Only for newer devices should we try to hook TrustManagerImpl */
if (hasTrustManagerImpl()) {
/* TrustManagerImpl Hooks */
/* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java */
Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl for: " + currentPackageName);
/* public void checkServerTrusted(X509Certificate[] chain, String authType) */
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader,
"checkServerTrusted", X509Certificate[].class, String.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
return 0;
}
});
/* external/conscrypt/src/platform/java/org/conscrypt/TrustManagerImpl.java#217 */
/* public List<X509Certificate> checkServerTrusted(X509Certificate[] chain,
String authType, String host) throws CertificateException */
Log.d(TAG, "Hooking com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(X509Certificate[]) for: " + currentPackageName);
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader,
"checkServerTrusted", X509Certificate[].class, String.class,
String.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
"checkServerTrusted", X509Certificate[].class, String.class,
String.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
/* public List<X509Certificate> checkServerTrusted(X509Certificate[] chain,
String authType, SSLSession session) throws CertificateException */
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader,
"checkServerTrusted", X509Certificate[].class, String.class,
SSLSession.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
try {
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, String.class, SSLSession.class, SSLParameters.class, boolean.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
findAndHookMethod("com.android.org.conscrypt.TrustManagerImpl", lpparam.classLoader, "checkTrusted", X509Certificate[].class, byte[].class, byte[].class, String.class, String.class, boolean.class, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
});
} catch (NoSuchMethodError e) {
}
}
} // End Hooks
/* Helpers */
@@ -270,12 +332,31 @@ public class Main implements IXposedHookLoadPackage {
try {
Class.forName("com.android.org.conscrypt.TrustManagerImpl");
} catch(ClassNotFoundException e) {
} catch (ClassNotFoundException e) {
return false;
}
return true;
}
public boolean hasDefaultHTTPClient() {
try {
Class.forName("org.apache.http.impl.client.DefaultHttpClient");
} catch (ClassNotFoundException e) {
return false;
}
return true;
}
private javax.net.ssl.SSLSocketFactory getEmptySSLFactory() {
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{getTrustManager()}, null);
return sslContext.getSocketFactory();
} catch (NoSuchAlgorithmException | KeyManagementException e) {
return null;
}
}
//Create a SingleClientConnManager that trusts everyone!
public ClientConnectionManager getSCCM() {
@@ -301,8 +382,8 @@ public class Main implements IXposedHookLoadPackage {
}
}
//This function creates a ThreadSafeClientConnManager that trusts everyone!
public ClientConnectionManager getTSCCM(HttpParams params) {
//This function creates a ThreadSafeClientConnManager that trusts everyone!
public ClientConnectionManager getTSCCM(HttpParams params) {
KeyStore trustStore;
try {
@@ -333,14 +414,36 @@ public class Main implements IXposedHookLoadPackage {
if (className.equals("SingleClientConnManager")) {
return getSCCM();
}
else if (className.equals("ThreadSafeClientConnManager")) {
} else if (className.equals("ThreadSafeClientConnManager")) {
return getTSCCM(params);
}
return null;
}
private void processXutils(ClassLoader classLoader) {
Log.d(TAG, "Hooking org.xutils.http.RequestParams.setSslSocketFactory(SSLSocketFactory) (3) for: " + currentPackageName);
try {
classLoader.loadClass("org.xutils.http.RequestParams");
findAndHookMethod("org.xutils.http.RequestParams", classLoader, "setSslSocketFactory", javax.net.ssl.SSLSocketFactory.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
param.args[0] = getEmptySSLFactory();
}
});
findAndHookMethod("org.xutils.http.RequestParams", classLoader, "setHostnameVerifier", HostnameVerifier.class, new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
super.beforeHookedMethod(param);
param.args[0] = new ImSureItsLegitHostnameVerifier();
}
});
} catch (Exception e) {
Log.d(TAG, "org.xutils.http.RequestParams not found in " + currentPackageName + "-- not hooking");
}
}
void processOkHttp(ClassLoader classLoader) {
/* hooking OKHTTP by SQUAREUP */
/* com/squareup/okhttp/CertificatePinner.java available online @ https://github.com/square/okhttp/blob/master/okhttp/src/main/java/com/squareup/okhttp/CertificatePinner.java */
@@ -352,19 +455,19 @@ public class Main implements IXposedHookLoadPackage {
try {
classLoader.loadClass("com.squareup.okhttp.CertificatePinner");
findAndHookMethod("com.squareup.okhttp.CertificatePinner",
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch(ClassNotFoundException e) {
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch (ClassNotFoundException e) {
// pass
Log.d(TAG, "OKHTTP 2.5 not found in " + currentPackageName + "-- not hooking");
Log.d(TAG, "OKHTTP 2.5 not found in " + currentPackageName + "-- not hooking");
}
//https://github.com/square/okhttp/blob/parent-3.0.1/okhttp/src/main/java/okhttp3/CertificatePinner.java#L144
@@ -373,17 +476,12 @@ public class Main implements IXposedHookLoadPackage {
try {
classLoader.loadClass("okhttp3.CertificatePinner");
findAndHookMethod("okhttp3.CertificatePinner",
classLoader,
"check",
String.class,
List.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return null;
}
});
} catch(ClassNotFoundException e) {
classLoader,
"check",
String.class,
List.class,
DO_NOTHING);
} catch (ClassNotFoundException e) {
Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking");
// pass
}
@@ -392,17 +490,17 @@ public class Main implements IXposedHookLoadPackage {
try {
classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier");
findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier",
classLoader,
"verify",
String.class,
javax.net.ssl.SSLSession.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch(ClassNotFoundException e) {
classLoader,
"verify",
String.class,
javax.net.ssl.SSLSession.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch (ClassNotFoundException e) {
Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, SSLSession)");
// pass
}
@@ -411,40 +509,149 @@ public class Main implements IXposedHookLoadPackage {
try {
classLoader.loadClass("okhttp3.internal.tls.OkHostnameVerifier");
findAndHookMethod("okhttp3.internal.tls.OkHostnameVerifier",
classLoader,
"verify",
String.class,
java.security.cert.X509Certificate.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch(ClassNotFoundException e) {
classLoader,
"verify",
String.class,
java.security.cert.X509Certificate.class,
new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam methodHookParam) throws Throwable {
return true;
}
});
} catch (ClassNotFoundException e) {
Log.d(TAG, "OKHTTP 3.x not found in " + currentPackageName + " -- not hooking OkHostnameVerifier.verify(String, X509)(");
// pass
}
//https://github.com/square/okhttp/blob/okhttp_4.2.x/okhttp/src/main/java/okhttp3/CertificatePinner.kt
Log.d(TAG, "Hooking okhttp3.CertificatePinner.check(String,List) (4.2.0+) for: " + currentPackageName);
try {
classLoader.loadClass("okhttp3.CertificatePinner");
findAndHookMethod("okhttp3.CertificatePinner",
classLoader,
"check$okhttp",
String.class,
"kotlin.jvm.functions.Function0",
DO_NOTHING);
} catch (XposedHelpers.ClassNotFoundError | ClassNotFoundException | NoSuchMethodError e) {
Log.d(TAG, "OKHTTP 4.2.0+ (check$okhttp) not found in " + currentPackageName + " -- not hooking");
// pass
}
try {
classLoader.loadClass("okhttp3.CertificatePinner");
findAndHookMethod("okhttp3.CertificatePinner",
classLoader,
"check",
String.class,
List.class,
DO_NOTHING);
} catch (XposedHelpers.ClassNotFoundError | ClassNotFoundException | NoSuchMethodError e) {
Log.d(TAG, "OKHTTP 4.2.0+ (check) not found in " + currentPackageName + " -- not hooking");
// pass
}
}
class ImSureItsLegitTrustManager implements X509TrustManager {
void processHttpClientAndroidLib(ClassLoader classLoader) {
/* httpclientandroidlib Hooks */
/* public final void verify(String host, String[] cns, String[] subjectAlts, boolean strictWithSubDomains) throws SSLException */
Log.d(TAG, "Hooking AbstractVerifier.verify(String, String[], String[], boolean) for: " + currentPackageName);
try {
classLoader.loadClass("ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier");
findAndHookMethod("ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier", classLoader, "verify",
String.class, String[].class, String[].class, boolean.class,
DO_NOTHING);
} catch (ClassNotFoundException e) {
// pass
Log.d(TAG, "httpclientandroidlib not found in " + currentPackageName + "-- not hooking");
}
}
@TargetApi(Build.VERSION_CODES.N)
private class ImSureItsLegitExtendedTrustManager extends X509ExtendedTrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { }
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
private class ImSureItsLegitTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException {
ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
return list;
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
private X509TrustManager getTrustManager() {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
return new ImSureItsLegitExtendedTrustManager();
} else {
return new ImSureItsLegitTrustManager();
}
}
private class ImSureItsLegitHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
/* This class creates a SSLSocket that trusts everyone. */
public class TrustAllSSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public TrustAllSSLSocketFactory(KeyStore truststore) throws
NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
@@ -460,7 +667,7 @@ public class Main implements IXposedHookLoadPackage {
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
sslContext.init(null, new TrustManager[]{tm}, null);
}
@Override

BIN
bin/JustTrustMe.apk
View File

Binary file not shown.

8
build.gradle
View File

@@ -2,10 +2,11 @@
buildscript {
repositories {
jcenter()
google()
jcenter()
}
dependencies {
classpath 'com.android.tools.build:gradle:1.5.0'
classpath 'com.android.tools.build:gradle:7.2.1'
// NOTE: Do not place your application dependencies here; they belong
// in the individual module build.gradle files
@@ -14,6 +15,7 @@ buildscript {
allprojects {
repositories {
jcenter()
google()
jcenter()
}
}

1
build.sh
View File

@@ -1,4 +1,5 @@
APK_PATH="bin/JustTrustMe.apk"
mkdir bin
./gradlew assembleRelease && cp app/build/outputs/apk/app-release-unsigned.apk $APK_PATH && signapk $APK_PATH
#adb install -r bin/AndroidVTS.apk

19
gradle.properties
View File

@@ -1,18 +1,17 @@
# Project-wide Gradle settings.
# IDE (e.g. Android Studio) users:
# Settings specified in this file will override any Gradle settings
# configured through the IDE.
## Project-wide Gradle settings.
#
# For more details on how to configure your build environment visit
# http://www.gradle.org/docs/current/userguide/build_environment.html
#
# Specifies the JVM arguments used for the daemon process.
# The setting is particularly useful for tweaking memory settings.
# Default value: -Xmx10248m -XX:MaxPermSize=256m
# Default value: -Xmx1024m -XX:MaxPermSize=256m
# org.gradle.jvmargs=-Xmx2048m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
#
# When configured, Gradle will run in incubating parallel mode.
# This option should only be used with decoupled projects. More details, visit
# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
# org.gradle.parallel=true
# org.gradle.parallel=true
#Mon Jun 26 14:34:35 CST 2017
#systemProp.http.proxyHost=127.0.0.1
#systemProp.http.proxyPort=1080

3
gradle/wrapper/gradle-wrapper.properties vendored
View File

@@ -1,6 +1,5 @@
#Tue Dec 16 21:30:06 EST 2014
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-2.2.1-all.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-all.zip