It might be a good idea to provide more details about the certificate pinning with the Static Analysis. Indeed, it might theoretically be possible to detect insecure SSL implementation with the raw smali/java source code, i.e. Mallodroid. Also, you could include the exact location (class, method) where the pinning is done (makes manual patching quicker). Moreover, it would be very handy to add a feature like certificate unpinning, to automatically generate an apk which trusts all certificates (no check) so it would make the patching process easier to use the app with different proxies (Burp) in order to perform further manual analysis of the app. I am aware of the existence of Android-SSL-Killer for example, but I personally like to do things myself.
I will track this as a low priority enhancement as lots of important things are already in the pipeline.
This also requires lots of work and research as there are numerous ways to do pinning.
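As an added illustration of the static check discussed in this thread (not code from the project or from either commenter), the sketch below scans smali text and reports the class and method where an `X509TrustManager` accepts every certificate or where OkHttp's `CertificatePinner` is configured. The sample smali, the `com/example` class names and the function name are constructed assumptions, and it covers only these two patterns out of the many ways pinning can be done.

```python
# Constructed smali (not from a real app); two classes joined in one string,
# whereas a decompiled APK has one .smali file per class.
SAMPLE = r"""
.class public Lcom/example/net/LaxTrustManager;
.super Ljava/lang/Object;
.implements Ljavax/net/ssl/X509TrustManager;

.method public checkServerTrusted([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V
    .locals 0
    return-void
.end method

.class public Lcom/example/net/ApiClient;
.super Ljava/lang/Object;

.method private buildClient()Lokhttp3/OkHttpClient;
    .locals 3
    invoke-virtual {v0, v1, v2}, Lokhttp3/CertificatePinner$Builder;->add(Ljava/lang/String;[Ljava/lang/String;)Lokhttp3/CertificatePinner$Builder;
    return-object v0
.end method
"""

TRUST_MGR = "Ljavax/net/ssl/X509TrustManager;"
PINNER = "Lokhttp3/CertificatePinner"  # also matches CertificatePinner$Builder

def find_tls_findings(smali):
    """Return (kind, class, method) tuples; hypothetical helper for this example."""
    findings, cls, ifaces, method, body = [], None, set(), None, []
    for raw in smali.splitlines():
        line = raw.strip()
        if line.startswith(".class "):
            cls, ifaces = line.split()[-1], set()
        elif line.startswith(".implements "):
            ifaces.add(line.split()[-1])
        elif line.startswith(".method "):
            # Last token is name+descriptor, e.g. checkServerTrusted(...)V
            method, body = line.split()[-1].split("(")[0], []
        elif line == ".end method" and method is not None:
            # Opcodes only: skip directives (.locals), comments (#), labels (:)
            ops = [l.split()[0] for l in body if l and not l.startswith((".", "#", ":"))]
            if any(PINNER in l for l in body if l.startswith("invoke-")):
                findings.append(("pinning", cls, method))
            # A validator whose only instruction is return-void checks nothing
            if (method == "checkServerTrusted" and TRUST_MGR in ifaces
                    and ops and all(op == "return-void" for op in ops)):
                findings.append(("trust-all", cls, method))
            method = None
        elif method is not None:
            body.append(line)
    return findings
```

A `checkServerTrusted` body that calls any other method or throws is not reported as trust-all, so this heuristic misses validators that perform a call and then ignore its result.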