Bypassing Certificate Pinning

Jump to bottom

Paradis Perdu edited this page Feb 27, 2019 · 2 revisions

Good resource:

https://blog.netspi.com/four-ways-bypass-android-ssl-verification-certificate-pinning/

Adding a Custom CA to the User Certificate Store

Android 6.0 or lower
Add attacker CA to user-added CA store
Edit application manifest and force it to target Android 6.0

Network Security Configuration

Define specific trust anchors in the '/res/xml/network_security_config.xml' file of the APK