TECH ORDUS NOVUS ORDO CYBER INTELLIGENCE

Android SSL Pinning Bypass: Frida Script for OkHttp3 and TrustKit

Target Libraries

Most Android apps in 2026 use either:

  • OkHttp3 CertificatePinner — enforces pinning at the certificate comparison level, checking the peer certificate chain against the configured pins
  • TrustKit — wraps the default TrustManager with SPKI hash pinning

OkHttp3 Hook

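Java.perform(function() {
  var CertPinner = Java.use('okhttp3.CertificatePinner');
  // check(String, List): normally throws SSLPeerUnverifiedException when no
  // certificate in the chain matches a configured pin. Returning without
  // throwing means every chain is treated as matching.
  CertPinner.check.overload('java.lang.String', 'java.util.List').implementation = function(hostname, peerCertificates) {
    return;
  };
  // check(String, Certificate[]): array overload of the same check.
  CertPinner.check.overload('java.lang.String', '[Ljava.security.cert.Certificate;').implementation = function(hostname, certs) {
    return;
  };
});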
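
To show what the hook above removes, here is a simplified model of the pin comparison behind CertificatePinner.check(), written for Node.js. It is an added example, not code from the original page or from OkHttp. Key pairs generated at run time stand in for certificates, and the names makeSpki, pinOf, patternMatches, accepted, noopCheck and demo are illustrative assumptions.

```javascript
const crypto = require('crypto');
// Constructed sample data: fresh EC keys stand in for certificates. A real
// chain holds X.509 certificates whose SubjectPublicKeyInfo is hashed.
function makeSpki() {
  const { publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return publicKey.export({ type: 'spki', format: 'der' });
}

// OkHttp pin format: "sha256/" + base64(SHA-256(SPKI DER)).
function pinOf(spkiDer) {
  return 'sha256/' + crypto.createHash('sha256').update(spkiDer).digest('base64');
}

// "*.domain" covers exactly one extra left-most label; otherwise exact match.
function patternMatches(pattern, hostname) {
  if (!pattern.startsWith('*.')) return pattern === hostname;
  const dot = hostname.indexOf('.');
  return dot > 0 && hostname.slice(dot + 1) === pattern.slice(2);
}

// Throws unless a key in the chain matches a pin configured for hostname.
// As in OkHttp, a hostname with no configured pins is not checked.
function check(pins, hostname, chainSpki) {
  const wanted = pins.filter(p => patternMatches(p.pattern, hostname)).map(p => p.pin);
  if (wanted.length === 0) return;
  const seen = chainSpki.map(pinOf);
  if (!seen.some(pin => wanted.includes(pin))) {
    throw new Error('Certificate pinning failure for ' + hostname + ': ' + seen.join(', '));
  }
}

// True if checkFn lets the connection proceed (i.e. it does not throw).
function accepted(checkFn, pins, hostname, chainSpki) {
  try { checkFn(pins, hostname, chainSpki); return true; } catch (e) { return false; }
}

// Constructed scenario: the genuine server key and an interception proxy's key.
const [serverKey, proxyKey] = [makeSpki(), makeSpki()];
const PINS = [{ pattern: '*.example.test', pin: pinOf(serverKey) }];
const noopCheck = function () { return; }; // check() after its body is replaced

function demo() {
  return {
    genuine: accepted(check, PINS, 'api.example.test', [serverKey]),
    intercepted: accepted(check, PINS, 'api.example.test', [proxyKey]),
    unpinnedHost: accepted(check, PINS, 'other.test', [proxyKey]),
    afterHook: accepted(noopCheck, PINS, 'api.example.test', [proxyKey]),
  };
}
console.log(demo());
```

The afterHook result is why pinning counts as client-side hardening and not as a trust signal the server can rely on: on an instrumented device the comparison never runs.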

TrustKit Hook

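Java.perform(function() {
  // okhttp3.internal.tls.OkHostnameVerifier is the hostname verifier that
  // ships with OkHttp itself, not a class from TrustKit's package.
  var OkHostnameVerifier = Java.use('okhttp3.internal.tls.OkHostnameVerifier');
  // verify(String, SSLSession): returning true reports that the certificate
  // matches the hostname, whatever the session presented.
  OkHostnameVerifier.verify.overload('java.lang.String', 'javax.net.ssl.SSLSession').implementation = function(hostname, session) {
    return true;
  };
});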

Usage

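frida -U -l pinning_bypass.js -f com.target.app

Current frida-tools releases resume the spawned app automatically, so the older --no-pause flag is no longer needed and is rejected as an unrecognized argument.

Pair with mitmproxy or Burp Suite, with a custom CA installed in the system trust store.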