What is the difference between Frida and Objection?

Frida is a low-level instrumentation toolkit. Objection is a CLI built on top of Frida that wraps common mobile-pentest tasks — SSL bypass, root detection bypass, dumping keychain — into one-line commands. Use Objection when you want speed, Frida when you need custom hooks.

Why does my bypass script fail on some apps?

Modern apps may use custom TrustManagers, OkHttp CertificatePinner with non-standard hashes, native pinning (BoringSSL in libnative.so), or runtime integrity checks that detect Frida itself. Try a multi-bypass script like frida-multiple-unpinning first; if that fails, inspect the network library being used and write a targeted hook.

Is bypassing SSL pinning legal?

On apps you own or have written authorization to test, yes — this is standard mobile security testing. Bypassing pinning on third-party production apps without authorization typically violates the app terms of service and may breach computer-misuse laws in most jurisdictions. Always confirm scope with a signed authorization or bug-bounty program rules.

Which Burp Suite version do I need?

Burp Suite Community Edition is sufficient for SSL inspection and request replay. Burp Professional adds the active scanner, intruder at full speed, and the BApp Store — useful for full mobile pentests but not required for the bypass itself.

Blog

SecurityMarch 5, 20268 min read

Bypass SSL Pinning on Android with Frida — A Step-by-Step Guide

A practical walkthrough on intercepting HTTPS traffic from Android apps using Frida, Burp Suite, and a rooted device — covering setup, script injection, and certificate installation.

L

Lugon

Vibe Engineer

Share article

I. Prepare Your Mac / Laptop

1. Install Python & Frida

First, install Python from python.org. Then install the Frida toolkit:

python3 -m pip install Frida
python3 -m pip install objection
python3 -m pip install frida-tools

Or using pip3 directly:

pip3 install Frida
pip3 install objection
pip3 install frida-tools

2. Download the SSL Bypass Script

To bypass SSL pinning, you need a pre-written Frida script. Several community scripts are available on Frida CodeShare:

Save your chosen script as fridascript.js on your machine.

3. Install Platform-tools (ADB)

Download Android Platform-tools which includes ADB — required for communicating with your Android device over USB.

II. Mobile Device Setup

1. Root Your Android Device

In order to inject a script into the application, the Android device must be rooted.

2. Enable USB Debugging

Go to Settings → Developer Options → USB Debugging and enable it.

3. Download Frida Server

Check your device's CPU architecture:

adb shell getprop ro.product.cpu.abi

Then download the matching Frida Server build from the Frida releases page. For example: frida-server-16.1.1-android-arm64.xz.

4. Install Frida Server on Mobile

frida-server must be installed on the Android device before you can inject scripts.

Extract the downloaded file and rename it to frida-server, then push it to the device:

adb push <path-to-frida-server> /data/local/tmp/

Set executable permissions:

adb shell chmod 777 /data/local/tmp/frida-server

III. Install Burp Suite

Download and install Burp Suite Community Edition.

For certificate setup and Android device configuration, refer to:

PortSwigger — Configuring Android Device

Configuring Burp Suite with Android Nougat+

IV. Push Burp Suite Certificate to Device

Push the downloaded CA certificate from the previous step into the device:

adb push <path-to-cacert.der> /data/local/tmp/cert-der.crt

V. Start Injecting — Bypass SSL Pinning

1. Mobile Configuration

Connect to Wi-Fi and configure a manual proxy:

# Find your local IP
ifconfig | grep 192
Set proxy on Android Wi-Fi settings:
Host: 192.168.x.y (your Mac's IP)
Port: 8080

Start Frida Server on the mobile device from your Mac terminal:

adb shell "su -c '/data/local/tmp/frida-server'"

Or interactively:

adb shell
su
cd /data/local/tmp
./frida-server

2. Desktop — Run Frida

Open Burp Suite and navigate to Proxy → Options to verify the listener is active on port 8080.

Then run Frida to inject the bypass script:

# Using a local script file
frida -l <path-to-fridascript.js> -U -f <package-name>
Or using CodeShare directly
frida --codeshare masbog/frida-android-unpinning-ssl -U -f <package-name>

Other CodeShare IDs you can use:

pcipolloni/universal-android-ssl-pinning-bypass-with-frida

Q0120S/bypass-ssl-pinning

References

Many thanks: @toanalien

fridassl-pinningandroidsecurityburp-suitereverse-engineering

Share article

FAQ

Frequently Asked Questions

Common questions readers ask about this article.

Yes for Frida-based bypass. frida-server must run as root to inject scripts into other processes. For non-rooted devices you would have to rebuild the APK with smali patches or use Magisk-based tooling — both significantly harder than Frida on a rooted device.

Start Your Project

Ready to transform?

Discover how TeguFy can help your business simplify, amplify, and fortify with AI, Blockchain, and cutting-edge technology.

Request Consultation View Projects