Skip to content

Releases: vichhka-git/universal-flutter-ssl-pinning

Flutter TLS Toolkit

Choose a tag to compare

@vichhka-git vichhka-git released this 15 Jun 03:33
a0a8b3a

Quick Traffic Capture (no proxy)

Besides bypassing pinning for a proxy-based MITM, you can capture decrypted HTTP
traffic directly in Frida with the self-contained flutter_http_monitor.py.
It auto-locates BoringSSL SSL_write/SSL_read in libflutter.so (any Flutter
version, arm64) and generates a Frida script that prints plaintext requests and
responses — reassembled, de-chunked, gunzipped, and JSON pretty-printed.

pip install capstone pyelftools

# scan the binary and generate the monitor (or pass an .apk)
python3 flutter_http_monitor.py path/to/libflutter.so -o monitor.js

# run it against the app
frida -U -f com.target.app -l monitor.js

Optional, live in the Frida REPL: addScope('api.example.com') to watch only
specific hosts (Burp-style scope). Single file — nothing else to ship.

v1.1.0 — Frida 17.x and 16.x support

Choose a tag to compare

@vichhka-git vichhka-git released this 04 Apr 08:23
bf8c1df

What's new

Frida 16 & 17 dual compatibility

The generated Frida script now runs on both Frida 16 and Frida 17 without any manual changes. Frida 17 removed several static Module.* APIs that the previous script relied on — the new script detects the runtime API generation at startup and routes all calls through the correct path automatically.

API Frida 16 Frida 17
Module.findExportByName(lib, sym) ❌ removed
Module.findExportByName(null, sym) ❌ removed
Process.getModuleByName(lib).findExportByName(sym)
Module.getGlobalExportByName(sym)

Targets

Google Flutter and Shorebird-patched builds — unchanged, both still supported.