Browse by type
A Frida script that disables Flutter's TLS verification
This script works on Android x86, Android x64 and iOS x64. It uses pattern matching to find ssl_verify_peer_cert in handshake.cc
You can use it via Frida by downloading disable-flutter-tls.js or by using Frida codeshare:
frida -U -f your.package.name -l disable-flutter-tls.js --no-pause
# or Frida codeshare
frida -U --codeshare TheDauntless/disable-flutter-tls-v1 -f YOUR_BINARY
Further information can be found in this blogpost.
Before creating a GitHub issue, please test the following steps:
-http-proxy when launching the emulator.apktool d <YOURAPK> and run md5sum on libs/<ARCH>/libflutter.somd5sum on Payload/Runner.app/Frameworks/Flutter.framework/Flutterlibflutter.so or Flutter to the correct folder in libflutter_samples and run python3 verify.pyIf you can succesfully intercept all requests from the demo app and your library is not included in the samples, please open a GitHub issue with the app in question. It is possible that the app is using additional SSL pinning plugins, so a combination of this plugin and objection / other Frida scripts may be necessary. This is outside of the scope of this project and you will have to RE yourself to identify additional pinning protections.
$ claude mcp add disable-flutter-tls-verification \
-- python -m otcore.mcp_server <graph>