Bypass SSL certificate pinning for most applications
Java
Latest commit a96fc37 Jan 24, 2014 @mblanchou mblanchou Update README.md
Permalink
Failed to load latest commit information.
.settings initial commit Dec 11, 2013
bin initial commit Dec 11, 2013
libs initial commit Dec 11, 2013
res initial commit Dec 11, 2013
src/com/android/SSLTrustKiller initial commit Dec 11, 2013
.classpath initial commit Dec 11, 2013
.project initial commit Dec 11, 2013
AndroidManifest.xml initial commit Dec 11, 2013
LICENSE.txt initial commit Dec 11, 2013
README.md Update README.md Jan 24, 2014
ic_launcher-web.png initial commit Dec 11, 2013
proguard-project.txt initial commit Dec 11, 2013
project.properties initial commit Dec 11, 2013

README.md

Android-SSL-TrustKiller

Blackbox tool to bypass SSL certificate pinning for most applications running on a device.

Description

This tool leverages Cydia Substrate to hook various methods in order to bypass certificate pinning by accepting any SSL certificate.

Usage

Notes

Use only on a test devices as anyone on the same network can intercept traffic from a number of applications including Google apps. This extension will soon be integrated into Introspy-Android (https://github.com/iSECPartners/Introspy-Android) in order to allow you to proxy only selected applications.

License

See ./LICENSE.

Authors

Marc Blanchou