leonjza · May 16, 2019 22:16
diff --git a/pinning.ts.diff b/pinning.ts.diff
 diff --git a/agent/src/ios/pinning.ts b/agent/src/ios/pinning.ts
 index 1f9407a..aa2152a 100644
 --- a/agent/src/ios/pinning.ts
 +++ b/agent/src/ios/pinning.ts
 @@ -283,6 +283,38 @@ export namespace sslpinning {
     });
   };
 
 +  const cordovaCustomURLConnectionDelegate = (ident: string): InvocationListener => {
 +    // https://github.com/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin/blob/
 +    //  67634bfdf4a31bb09b301db40f8f27fbd8818f61/src/ios/SSLCertificateChecker.m#L109-L116
 +    if (!ObjC.classes.CustomURLConnectionDelegate) {
 +      return;
 +    }
 +
 +    send(c.blackBright(`[${ident}] `) + `Found SSLCertificateChecker-PhoneGap-Plugin.` +
 +      ` Hooking known pinning methods.`);
 +
 +    return Interceptor.attach(ObjC.classes.CustomURLConnectionDelegate["- isFingerprintTrusted:"].implementation, {
 +      onLeave(retval) {
 +        qsend(quiet,
 +          c.blackBright(`[${ident}] `) + `[SSLCertificateChecker-PhoneGap-Plugin] Called ` +
 +          c.green(`-[CustomURLConnectionDelegate isFingerprintTrusted:]`) + ` with result ` +
 +          c.red(retval.toString()),
 +        );
 +
 +        if (!retval.isNull()) {
 +          qsend(quiet,
 +            c.blackBright(`[${ident}] `) + `[SSLCertificateChecker-PhoneGap-Plugin] ` +
 +            c.blueBright(`Altered `) +
 +            c.green(`-[CustomURLConnectionDelegate isFingerprintTrusted:]`) + ` mode to ` +
 +            c.green(`0x0`),
 +          );
 +
 +          retval.replace(new NativePointer(0x0));
 +        }
 +      },
 +    });
 +  };
 +
   const sSLSetSessionOption = (ident: string): NativePointerValue => {
     const kSSLSessionOptionBreakOnServerAuth = 0;
     const noErr = 0;
 @@ -438,6 +470,7 @@ export namespace sslpinning {
       job.invocations.push(i);
     });
     job.invocations.push(trustKit(job.identifier));
 +    job.invocations.push(cordovaCustomURLConnectionDelegate(job.identifier));
 
     // Low level hooks.
	diff --git a/agent/src/ios/pinning.ts b/agent/src/ios/pinning.ts
	index 1f9407a..aa2152a 100644
	--- a/agent/src/ios/pinning.ts
	+++ b/agent/src/ios/pinning.ts
	@@ -283,6 +283,38 @@ export namespace sslpinning {
	});
	};

	+ const cordovaCustomURLConnectionDelegate = (ident: string): InvocationListener => {
	+ // https://github.com/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin/blob/
	+ // 67634bfdf4a31bb09b301db40f8f27fbd8818f61/src/ios/SSLCertificateChecker.m#L109-L116
	+ if (!ObjC.classes.CustomURLConnectionDelegate) {
	+ return;
	+ }
	+
	+ send(c.blackBright(`[${ident}] `) + `Found SSLCertificateChecker-PhoneGap-Plugin.` +
	+ ` Hooking known pinning methods.`);
	+
	+ return Interceptor.attach(ObjC.classes.CustomURLConnectionDelegate["- isFingerprintTrusted:"].implementation, {
	+ onLeave(retval) {
	+ qsend(quiet,
	+ c.blackBright(`[${ident}] `) + `[SSLCertificateChecker-PhoneGap-Plugin] Called ` +
	+ c.green(`-[CustomURLConnectionDelegate isFingerprintTrusted:]`) + ` with result ` +
	+ c.red(retval.toString()),
	+ );
	+
	+ if (!retval.isNull()) {
	+ qsend(quiet,
	+ c.blackBright(`[${ident}] `) + `[SSLCertificateChecker-PhoneGap-Plugin] ` +
	+ c.blueBright(`Altered `) +
	+ c.green(`-[CustomURLConnectionDelegate isFingerprintTrusted:]`) + ` mode to ` +
	+ c.green(`0x0`),
	+ );
	+
	+ retval.replace(new NativePointer(0x0));
	+ }
	+ },
	+ });
	+ };
	+
	const sSLSetSessionOption = (ident: string): NativePointerValue => {
	const kSSLSessionOptionBreakOnServerAuth = 0;
	const noErr = 0;
	@@ -438,6 +470,7 @@ export namespace sslpinning {
	job.invocations.push(i);
	});
	job.invocations.push(trustKit(job.identifier));
	+ job.invocations.push(cordovaCustomURLConnectionDelegate(job.identifier));

	// Low level hooks.