Frida hooks for bypassing certificate pinning and redirecting Rocket League API traffic to a local MITM server.
1. Hook libcurl curl_easy_init
Disable SSL verification by overriding the following options:
- CURLOPT_SSL_VERIFYPEER - Disable peer certificate verification
- CURLOPT_SSL_VERIFYHOST - Disable hostname verification
This allows the game to accept a self-signed certificate from the local MITM server without errors.
2. Hook libcurl curl_easy_setopt
Intercept URL calls to redirect API traffic:
- Detect when CURLOPT_URL is set to https://api.rlpp.psynet.gg
- Replace the URL with https://127.0.0.1 while preserving the path
- Force all HTTP API calls to route through the local MITM proxy
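The rewrite rule from step 2, written as a stand-alone function so the matching logic can be tested outside the game. This is an added example, not the project's own hook code: the function names are hypothetical and the sample URLs in the comments are constructed. It compares the whole origin rather than a string prefix, so lookalike hosts and URLs that merely contain the API address are left untouched.

```javascript
// Added example: origins are the two URLs named in the README;
// splitUrl and rewriteApiUrl are hypothetical names.
const API_ORIGIN = "https://api.rlpp.psynet.gg";
const LOCAL_ORIGIN = "https://127.0.0.1";

// Split "scheme://authority<rest>" with a regex so the function does not
// depend on a URL class being available in the script runtime.
function splitUrl(url) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/?#]*)(.*)$/i.exec(url);
  if (m === null) return null;
  return {
    scheme: m[1].toLowerCase(),
    // Host names are case-insensitive; an explicit :443 is the https default.
    authority: m[2].toLowerCase().replace(/:443$/, ""),
    rest: m[3], // path, query and fragment, kept byte for byte
  };
}

// Return the URL to hand to libcurl: rewritten if it targets the API origin,
// otherwise exactly the string that was passed in.
function rewriteApiUrl(url) {
  const parts = splitUrl(url);
  if (parts === null) return url;
  // Exact origin match. A prefix test such as url.startsWith(API_ORIGIN)
  // would also rewrite https://api.rlpp.psynet.gg.example.test/ (constructed).
  if (`${parts.scheme}://${parts.authority}` !== API_ORIGIN) return url;
  return LOCAL_ORIGIN + parts.rest;
}
```
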
3. Hook OpenSSL X509_verify_cert
Bypass certificate validation for WebSocket connections:
- Replace the certificate verification function to always return success (1)
- Essential for WebSocket connections which use a separate validation path
- Prevent SSL handshake failures when connecting to the local proxy
- Python 3.x
- Frida (pip install frida)
- Node.js
Note
Steam and Epic builds have different offsets for each function. You may need to adjust them; check the code for details.
- Build the TypeScript Frida script:
  npm install
  npm run build
- Start the MITM server (see ../mitm/ directory)
- Launch Rocket League
- Immediately run the Frida hook:
  npm start
  # or directly:
  python main.py