Gregory's ServerFYI if you want to hack on Instagram's internal APIs, the Android app is much easier to get at. It uses something called "proxygen" for the HTTP client. It's written in C++, which means JNI bindings, which means that part is necessarily excluded from obfuscation. You can hook your own code into it quite easily. I did that years ago to strip ads from API responses before handing them off to the rest of the app.
|
4 comments
 sam henri gold, you may also want to focus on enabling the internal developer settings. I'm not sure whether this disables the pinning but you can change the API host in them  |
@grishka Heh, i had no idea. I was just trying to get a peek at the Threads API, which turned into me trying to bypass SSL pinning, then it devolved into a whole...thing. I'll give the Android app a whack.