DOI: https://doi.org/10.32347/tit2020.31.0302
Four ways to bypass Android SSL Verification and Certificate Pinning
Abstract
Gone are the days when mobile applications stoically ignored all manner of SSL errors and allowed you to intercept and modify their traffic at will. Instead, most modern applications at least check that the presented certificate chains to a valid, trusted certificate authority (CA). As pentesters, we would like to convince the app that our certificate is valid and trusted so that we can man-in-the-middle (MITM) it and modify its traffic.

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.