GitHub - humblepoti/Dolos: Dolos is a tool made to support the bypass of certificate pinning through instrumentation and patch of the APK. It's inspired by the greek mythology where Dolos became known by his ability to create a copy of Aletheia statue that amazed Prometheus. The purpose of the tool is to create a copy of the original APK containing a small change to bypass the method used to validate certificates in the certificate pinning process of the OkHttp3/4 lib for Android apps.

Dolos is a tool aimed to support pentesters or security engineers when bypassing certificate pinning implemented on Android apps. It's built on top of the Soot framework (http://soot-oss.github.io/soot/) and leverages code instrumentation to check all application methods to detect the method responsible for validating the certificates. The detection is based on regex signatures derived from OkHttp3/4 implementations. Dolos patches the APK and inserts a print statement on the patched method.

To compile Dolos, use Maven with the following command:

mvn clean compile assembly:single

After compilation you can execute Dolos with the following command (Java 11):

java -cp Dolos-1.0-jar-with-dependencies.jar com.poc.soot.dolos.App -a ./APK_NAME.apk -o ./outputDir

It's worth to note that Dolos doesn't remove anti-tampering checks. This is a work in progress due to lack of enough signatures so if you have APKs with anti-tamper examples feel free to ping me.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
src		src
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

Languages

humblepoti/Dolos

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages