A collection of scripts written in JavaScript designed to interact with the Corellium API with the aim of facilitating pentesting activities.
Currently comprises of:
sslPinning.js: Allows querying the currentstatusof SSL pinning as well as switching SSL pinningon/off.takeScreenshot.js: Facilitates screenshot taking by directly dropping screenshots within the localscreenshotsfolder.
-
Install Node.js.
-
Download this repository:
git clone https://github.com/aress31/corellium-utils cd .\corellium-utils
-
Install the dependencies:
[!IMPORTANT] The command below is to be executed in the root folder of this project.
npm install
-
Create an
.envfile in the root folder containing the following constants:[!NOTE] Replace the placeholder values with your values.
API_TOKEN="XXX" ENDPOINT="https://app.corellium.com" INSTANCE="XXX" PROJECT="Default Project"
-
To take a screenshot:
node .\takeScreenshot.js -
To query the
statusof SSL pinning:node .\sslPinning.js -c status -
To
enableSSL pinning bypass:node .\sslPinning.js -c enable
-
To
disableSSL pinning bypass:node .\sslPinning.js -c disable
- Improve the
argparsinglogic. - Merge the scripts into a master script with more function modularity, e.g.,
login. - Automate proxying to Burp Suite, so far it seems that the current version of the Corellium API does not export any function that could enable us implementing this feature.
- Implement additional features - open to suggestions.
If you want to support this project and appreciate the time invested in developping, maintening and extending it; consider donating toward my next cup of coffee. ☕
It is easy, all you got to do is press the Sponsor button at the top of this page or alternatively click this link. 💸
Found a bug? I would love to squash it! 🐛
Please report all issues on the GitHub issues tracker.
You would like to contribute to better this project? 🤩
Please submit all PRs on the GitHub pull requests tracker.
See LICENSE.