Releases: vichhka-git/universal-flutter-ssl-pinning
Release list
Flutter TLS Toolkit
Quick Traffic Capture (no proxy)
Besides bypassing pinning for a proxy-based MITM, you can capture decrypted HTTP
traffic directly in Frida with the self-contained flutter_http_monitor.py.
It auto-locates BoringSSL SSL_write/SSL_read in libflutter.so (any Flutter
version, arm64) and generates a Frida script that prints plaintext requests and
responses — reassembled, de-chunked, gunzipped, and JSON pretty-printed.
pip install capstone pyelftools
# scan the binary and generate the monitor (or pass an .apk)
python3 flutter_http_monitor.py path/to/libflutter.so -o monitor.js
# run it against the app
frida -U -f com.target.app -l monitor.jsOptional, live in the Frida REPL: addScope('api.example.com') to watch only
specific hosts (Burp-style scope). Single file — nothing else to ship.
v1.1.0 — Frida 17.x and 16.x support
What's new
Frida 16 & 17 dual compatibility
The generated Frida script now runs on both Frida 16 and Frida 17 without any manual changes. Frida 17 removed several static Module.* APIs that the previous script relied on — the new script detects the runtime API generation at startup and routes all calls through the correct path automatically.
| API | Frida 16 | Frida 17 |
|---|---|---|
| Module.findExportByName(lib, sym) | ✅ | ❌ removed |
| Module.findExportByName(null, sym) | ✅ | ❌ removed |
| Process.getModuleByName(lib).findExportByName(sym) | ❌ | ✅ |
| Module.getGlobalExportByName(sym) | ❌ | ✅ |
Targets
Google Flutter and Shorebird-patched builds — unchanged, both still supported.