Bypass SSL Pinning using Frida

3 min readOct 19, 2021


Hello Security Champs!! As you are aware, intercepting HTTPS traffic is a necessity in mobile security assessment. In Android Nougat and latest version, apps don’t trust client certificates anymore :-(

I was facing challenge while performing security assessment. I got error message “Received fatal alert: certificate_unknown” in burp suite. Have you got one?

Testing app was showing java.sercurity.cert.CertPathValidatorExeption error.

After google for while I came across amazing tool for bypassing SSL Pinning.

Prerequisite are as follows

  1. Rooted android device/ testing emulator
  2. Frida framework
  3. Objection framework
  4. ADB tool
  5. Proxy tool

I have already installed CA Cert on your device.

Step 1: Connect android device using ADB

I have connected android device with computer using USB cable. Making sure that USB debugging enabled in android.

Of course! no need of cable for emulators like Genyotion :-P

Connection test using adb command

adb devices

If no device shown is not connected then use connect command

adb connect <IP of Android device>

Step 2: Copy Frida Server to android device

Download frida-server from github. And copy it to tmp directory only of android device.

adb push frida-server-12.8.19-android-arm /data/local/tmp

Step3: Start frida server with commands

We have frida server in tmp directory. Change permission of file and start it.

adb shell

cd /data/local/tmp

ls -ltr

chmod 755 frida-server-12.9.7-android-x86


adb shell “/data/local/tmp/frida-server-12.9.7-android-x86 &”

In order to ensure everything is working fine, check frida-ps -U command.

Step 4: Bypass SSL Pinning using Objection

Run command to open objection framework

objection –gadget <app package name> explore

In Objection framework run command to bypass ssl pinning

android sslpinning disable

Hurreyy!! Error is resolved. I am able to intercept api traffic.


  1. Using Objection api traffic interception issues can be resolved
  2. Application SSL Pinning is implemented by developer to enhance security of app and its api




Written by NitinB

Cyber Security Professional

No responses yet