thalysonz/pentest-flutter-guide

Pentest Flutter Guide

Repository aimed at helping to perform pentests on Flutter applications


SSL Pinning Bypass

Automatic methods

NVISO Flutter Script (always updated)

  • Download the script:
      wget https://raw.githubusercontent.com/NVISOsecurity/disable-flutter-tls-verification/main/disable-flutter-tls.js
  • Run the script with Frida (replace com.app.target with the package name of the app):
      frida -U -f com.app.target -l disable-flutter-tls.js

Reflutter

  • Install Reflutter:
      pip3 install reflutter
  • Run Reflutter: // Remember to enter your BurpSuite IP when prompted
      reflutter apk_name.apk

  • Sign the fixed APK:
      java -jar uber-apk-signer-1.3.0.jar --apk release.RE.apk
  • Install the signed APK:
      adb install release.RE-aligned-debugSigned.apk

Manual Methods

  • Use Ghidra or any other suitable tool

SOON

IPtables

OpenVPN

sudo wget https://git.io/vpn -O openvpn-install.sh
sudo sed -i "$(($(grep -ni "debian is too old" openvpn-install.sh | cut -d : -f 1)+1))d" ./openvpn-install.sh
sudo chmod +x openvpn-install.sh
sudo ./openvpn-install.sh

Configuration:

  • Which IPv4 address should be used?: Use your PC IP
  • Public IPv4 address / hostname: Use your PC IP
  • Protocol: 1
  • Port: 1194
  • DNS Server: 1
  • Name client: any name
  • Start OpenVPN service:
sudo service openvpn start
  • Set iptables rules: // Replace 192.168.x.15 with your device IP
sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j REDIRECT --to-port 8080
sudo iptables -t nat -A POSTROUTING -s 192.168.x.15/24 -o eth0 -j MASQUERADE
  • Connect the OpenVPN client on iOS

ProxyDroid for Android

In most cases on Android, in addition to the bypass via Frida, you will also need to set the proxy via ProxyDroid.

  1. Install ProxyDroid from Google Play
  2. Set Host = BurpSuite IP
  3. Set Port = BurpSuite Port
  4. Enable Global
  5. Start

Additional tips: to extract strings from the app:

  • Android:
  1. Rename the apk file to the .zip extension (apk_name.apk -> apk_name.zip)
  2. Extract apk_name.zip
  3. Get the libapp.so file (lib/arm*/libapp.so)
  • iOS:
  1. Use frida-ios-dump to obtain app_name.ipa
  2. Rename the ipa file to the .zip extension (app_name.ipa -> app_name.zip)
  3. Extract app_name.zip
  4. Get the App file (Payload/YourAppName.app/Frameworks/App.framework/App)
  • Extract strings from the app
  1. Filter app strings:
    strings libapp.so | grep <ANY VALUE FOR SEARCH>
  2. Search for API routes:
    strings libapp.so | grep "/api/"
  3. Android/iOS example (image: android-ios)
