Flutter based Mac OSX Thick Client SSL Pinning Bypass

During one of our recent thick client application penetration tests, Sanjay encountered a scenario where the application was built on top of a Flutter framework and had an SSL pinning check in one of the embedded libraries. Due to this check, the application provided an SSL pinning error when it was configured using Burp.
To share our experience and for the purpose of this blog, we will be using ‘thickclient.example.com’ as a backend API URL for Mac OSX thick client application.

TL;DR

Bypass SSL Pinning implementation for Flutter based Mac OSX thick client application by hooking Frida script in Mac OSX thick client application.

Problem Statement

The challenge was to pentest or modify the network traffic generated by Mac OSX thick client application in Burp Proxy, as the application provided an SSL pinning error when configured using Burp.

Problem Analysis

During the process of Mac OSX thick client application pentest, to capture the application’s HTTP traffic, we used well-known tools like Burp Suite, Charles Proxy, and Proxyman, configured using well-known proxy configuration techniques. It was observed that none of the tools and techniques could capture the Mac OSX thick client application’s traffic.

Using Wireshark to analyze the thick client application network traffic, we

Read More: https://notsosecure.com/flutter-based-mac-osx-thick-client-ssl-pinning-bypass/