Flutter-Proxy-Unlocker

Flutter-Proxy-Unlocker is a Frida-based toolkit for intercepting and redirecting network traffic from Flutter applications on Android and iOS. It dynamically discovers and hooks internal Flutter engine functions to bypass SSL/TLS certificate validation and transparently reroute socket connections to a Burp Suite proxy. It supports arm64 and x86_64 architectures and works without repackaging, intended only for authorized mobile security testing.

Usage

Android

frida-ps -Uai

Attach to a running process

frida -Uf com.example.myapp -l FlutterProxy.js

iOS (Jailbroken)

frida-ps -Uai

Attach to a running process

frida -Uf com.example.myapp -l FlutterProxy.js

Proof of Concept (PoC)

Step 1: Start Burp Suite Proxy on the Host Machine

Open Burp Suite and enable the Proxy listener.

• Go to Proxy → Options → Proxy Listeners
• Ensure your listener is active (IP 192.168.x.x, Port 8080)
• Tick the checkbox: "Support invisible proxying"
  • This is required because Flutter sockets are raw TCP, not browser-style HTTP

Make sure your device and host machine are on the same network.

---

Step 2: Specify Burp IP and Port in the Script

At the very end of FlutterProxy.js, configure your proxy:

BURP_PROXY_IP = "192.168.x.x";   // your host machine IP
BURP_PROXY_PORT = 8080;          // your Burp proxy port

---

Step 3: Attach Frida to the Flutter App

Run this command in CMD/Terminal:

frida -Uf <package_name> -l FlutterProxy.js

Live.Demo.mp4