Four ways to bypass Android SSL Verification and Certificate Pinning
DOI: https://doi.org/10.32347/tit2020.31.0302
Keywords: SSL-pinning bypass, android application, android application security assessment
Abstract
Gone are the days when mobile applications stoically ignored all manner of SSL errors and allowed you to intercept and modify their traffic at will. Instead, most modern applications at least check that the presented certificate chains to a valid, trusted certificate authority (CA). As pentesters, we want to convince the app that our certificate is valid and trusted so we can man-in-the-middle (MITM) it and modify its traffic.
License
Copyright (c) 2020 Transfer of Innovative Technologies
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.