A Python script that patches an APK's bundled libflutter.so files to disable Flutter's TLS verification for Android apps.
Flutter's TLS verification can cause issues when trying to intercept and analyze network traffic using tools like Burp Suite. By patching libflutter.so, you can disable TLS verification and allow these tools to intercept the traffic for analysis.
The script is based on the work of Jeroen Beckers @TheDauntless at https://github.com/NVISOsecurity/disable-flutter-tls-verification. List of offsets are present here. Thanks to Jeroen and NVISO for their work on this topic.
Using a Frida-based approach was crashing the app and sometimes caused the device to reboot. In practice, Frida-based TLS bypass typically also requires a rooted device (or other advanced instrumentation) to reliably hook the right processes/libraries at runtime.
Also, the upstream Frida script is not compatible with Frida 17.x, so I decided to create a patching script that modifies libflutter.so directly. This way, you can patch the file once and use it on any device without needing to run a Frida script — including non-rooted devices.
Note
After patching and signing the APK, you can capture traffic on non-rooted devices as well; as long as you can route the app's traffic through your proxy (e.g., via Wi‑Fi proxy settings, a VPN-based tunnel, or other traffic redirection).
Patching libflutter.so for TLS verification will not make the app proxy-aware. It only disables TLS verification so HTTPS traffic can be intercepted.
You still need to patch others aspects of the app (e.g., network configuration, certificate pinning, etc.) to ensure the app's traffic is properly routed through your proxy.
-
Install the tool with
uvor run it directly.uv install . patch-flutter-tls com.app.apkOr run directly:
python3 patch_libflutter_tls.py com.app.apk
This produces a new file next to the input:
com.app_patched.apk
The script searches the APK for every
libflutter.so(across all ABIs such asarm64-v8a,armeabi-v7a,x86_64, etc.), patches each match it finds, and writes an updated APK. -
Patch
network-security-configto trust user-installed certificates.Disabling Flutter TLS verification alone is often not enough for interception workflows. You should also patch the app's
network-security-configand allowusercertificates. I recommend using patch-netsec-conf for this step. -
Sign the patched APK using your preferred signing tool.
Any APK modification invalidates the original signature. You must re-sign before installing. I recommend using APK Explorer & Editor (AEE) for this step.
$ python3 patch_libflutter_tls.py -h
usage: patch_libflutter_tls.py [-h] apk_path
Patch APK files to disable Flutter TLS verification.
positional arguments:
apk_path Input APK file path
optional arguments:
-h, --help show this help message and exitWarning
This script is intended for educational and testing purposes only. Use it responsibly and ensure you have permission to modify the APKs you are working with. The author is not responsible for any misuse of this script.
This script may not work with all versions of Flutter or all devices, and it may cause instability in the app. Use it at your own risk.
