Skip to content

GamiDPC/Instagram_SSL_Pinning

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
arm
arm
 
 
non-root
non-root
 
 
x86
x86
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Instagram SSL Pinning

Bypass Instagram SSL Pinning on Android (ARM and x86) Version 117.0.0.28.123

Requirements

  • Latest version of JDK (Download)

  • Burp Suite v1.7.36 (*.jar version) (Download)

  • Instagram APK (ARM - x86) - For root method only
    Download only from this links, not Google Play or somewhere else

  • a rooted Android device (Physical or virtual) - For root method only
    Genymotion Android 8+ recommended.
    Genymotion virtual devices is x86 and rooted by default.

  • ADB (Download) - For root method only
    Genymotion will install ADB automatically and you can find it on <Genymotion Installation path>/tools

Non-Root Method (Easier way, Recommended)

Usage

  1. Download and install patched APK (ARM - x86). (ARM on physical device or ARM on Genymotion Android 8-Oreo with ARM Translation recommended!)

    1.2. For x86 only, Open Instagram app (wait a few seconds) and close it.
    It's important to run Instagram app once, before setting the proxy!

  2. Run Burp Suite with /<JDK Installation path>/bin/java -jar burpsuite_community.jar and setting up proxy on your Android device.
    You should install Burp Suite certificate on your Android device

  3. That's it! Now open the Instagram app on your device and intercept the requests in Burp Suite !

Root Method

Watch tutorial video

Usage (It's important to do step by step)

  1. Install Genymotion or your virtual device and start it.

  2. Download and install Instagram apk on your device.

  3. Open Instagram app (wait a few seconds) and close it.
    It's important to run Instagram app once, before start patching!

  4. Download the patched file (ARM - x86) and push it to the device:
    ARM: adb push libliger.so /data/data/com.instagram.android/lib-superpack-zstd/libliger.so
    x86: adb push libliger.so /data/data/com.instagram.android/lib-zstd/libliger.so

  5. Open Instagram app again (wait a few seconds) and close it.

  6. Run Burp Suite with /<JDK Installation path>/bin/java -jar burpsuite_community.jar and setting up proxy on your Android device.
    You must set the proxy in this step
    You should install Burp Suite certificate on your Android device

  7. That's it! Now open the Instagram app and intercept the requests in Burp Suite !

Instagram Signature Key (v117.0.0.28.123) ARM and x86

a86109795736d73c9a94172cd9b736917d7d94ca61c9101164894b3f0d43bef4

Donations

If you want to show your appreciation, you can donate via PayPal.
Bitcoin: 1GhTaq5HqEj4xpP42drPxT4FNzxp8zUTfK
Iranian users can donate via IDPay.

Thanks.

About

Bypass Instagram SSL Pinning on Android

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published