discovered 30 Mar 2026

android-unpinner

Python ★ 932 via github-topic

AI Summary: Android Unpinner is a tool designed to facilitate the removal of SSL certificate pinning from Android APKs without requiring root access. Utilizing the Frida framework, it modifies only the AndroidManifest.xml file to enable debugging, while dynamically injecting a Frida Gadget via ADB to perform the unpinning process. The tool is equipped with comprehensive dependencies for cross-platform use and supports handling XAPKs by extracting and installing split APKs effectively.

README

Android Unpinner

This tool removes certificate pinning from APKs.

Does not require root.
Uses frida-apk to mark app as debuggable. This is much less invasive than other approaches, only AndroidManifest.xml is touched within the APK.
Includes a custom Java Debug Wire Protocol implementation to inject the Frida Gadget via ADB.
Uses HTTPToolkit’s excellent unpinning script to defeat certificate pinning.
Already includes all native dependencies for Windows/Linux/macOS (adb, apksigner, zipalign, aapt2).
Handles XAPKs by extracting the split APKs, unpinning them and installing them with adb install-multiple.

The goal was not to build yet another unpinning tool, but to explore some newer avenues for non-rooted devices. Please shamelessly copy whatever idea you like into other tools. :-)

Installation

Using uv, you can install the tool with a single command:

uv tool install git+https://github.com/mitmproxy/android-unpinner

Alternatively, you can install it manually:

$ git clone https://github.com/mitmproxy/android-unpinner.git
$ cd android-unpinner
$ pip install -e .

Usage

Connect your device via USB and run the following command.

$ android-unpinner all httptoolkit-pinning-demo.apk

screenshot

See android-unpinner --help for usage details.

You can pull APKs from your device using android-unpinner list-packages and android-unpinner get-apks. Alternatively, you can download APKs from the internet, for example manually from apkpure.com or automatically using apkeep.

Comparison

Compared to using a rooted device, android-unpinner…

🟥 requires APK patching. 🟩 does not need to hide from root detection.

Compared to apk-mitm, android-unpinner…

🟥 requires active instrumentation from a desktop machine when launching the app. 🟩 allows more dynamic patching at runtime (thanks to Frida). 🟩 does less invasive APK patching, e.g. classes.dex stays as-is.

Compared to objection, android-unpinner…

🟥 supports only one feature (disable pinning) and no interactive analysis shell. 🟩 is easier to get started with, does not require additional dependencies. 🟩 does less invasive APK patching, e.g. classes.dex stays as-is.

Compared to frida + LIEF, android-unpinner…

🟥 modifies AndroidManifest.xml 🟩 is easier to get started with, does not require additional dependencies. 🟩 Does not require that the application includes a native library.

Licensing

This tool stands on the shoulders of giants.

httptoolkit-pinning-demo.apk is a copy of HTTP Toolkit’s neat demo app available at https://github.com/httptoolkit/android-ssl-pinning-demo (Apache-2.0 License).
scripts/httptoolkit-unpinner.js is a copy of HTTP Toolkit’s excellent unpinning script available at https://github.com/httptoolkit/frida-android-unpinning/ (AGPL License, Version 3.0 or later).
android_unpinner/vendor/frida/ contains the fantastic Frida gadgets available at https://frida.re/ (wxWindows Library Licence, Version 3.1).
android_unpinner/vendor/frida-tools/ is adapted from https://github.com/frida/frida-tools (wxWindows Library Licence, Version 3.1).
android_unpinner/vendor/build_tools/ is a copy of some of Android’s build tools (see NOTICE.txt therein for license).
android_unpinner/vendor/platform_tools/ is a copy of some of Android’s platform tools (see NOTICE.txt therein for license).
Code written here is licensed under the MIT license (https://github.com/mitmproxy/mitmproxy/blob/main/LICENSE).