-
Notifications
You must be signed in to change notification settings - Fork 0
Bypassing Certificate Pinning
Paradis Perdu edited this page Feb 27, 2019
·
2 revisions
Good resource:
https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/
- Android 6.0 or lower
- Add attacker CA to user-added CA store
- Edit application manifest and force it to target Android 6.0
-
Define specific trust anchors in the '/res/xml/network_security_config.xml' file of the APK
<?xml version="1.0" encoding="utf-8"?> <network-security-config> <base-config> <trust-anchors> <certificates src="@raw/my_ca"/> </trust-anchors> </base-config> </network-security-config>
- store the CA at /res/raw/my_ca
- extract the APK
- Overwrite the provided CA with Burp CA
- Probably in /assets folder
Built in SSL pinning bypass:
android sslpinning disable
- Using the disassembled code or Objection figure out what classes are performing certpinning
android hooking search classes certpinning
- Hook the function and watch what it is doing when it detects an invalid certificate
- Attempt to modify the return value for example from 1 to 0
- You could also patch out the functionality within the application for a permanent fix
https://blog.securityevaluators.com/bypassing-okhttp3-certificate-pinning-c68a872ca9c8