Anant Shrivastava, profile picture
Uploaded byAnant Shrivastava
PDF, PPTX21,544 views

SSL Pinning and Bypasses: Android and iOS

Anant Shrivastava's document discusses SSL pinning for Android and iOS to secure communications against man-in-the-middle (MITM) attacks. It outlines methods for implementing SSL pinning, potential challenges when certificates change, and how attackers can bypass these protections. The document also provides implementation details, tools, and references related to SSL pinning and the associated bypass techniques.

Embed presentation

Download as PDF, PPTX
SSL PINNING AND BYPASSES (ANDROID & IOS)   BY ANANT SHRIVASTAVA
ANANT SHRIVASTAVA Information Security Consultant Admin - Dev - Security null + OWASP + G4H and @anantshri Trainer : Blackhat, RuxCon, NullCon, g0s, c0c0n Speaker : Nullcon, c0c0n, ClubHack, RootConf http://anantshri.info         Android Tamer Code Vigilant
SSL PINNING Another layer to achieve secure communication specially protection against MiTM
HOW MITM WORKS 1. Add Root CA of interception proxy in Browser. 2. Divert traffic via interception proxy, proxy handles SSL Connection Client <--HTTPS--> Interception Proxy <--HTTPS--> Server 1. Browser validates that certificate is issued by Trusted CA and allows connection BEFORE AFTER
PKI IS BROKEN 1. System Trust all CA in Trust Store (PortSwigger CA) 2. System Trust's ROOT CA not certification chain 3. Any CA can issue certificate to any website (Diginotar, Trustwave, NIC and many more) 4. Certificate Stolen: Welcome to Revocation hell and CRL Nightmare 5. OCSP to the rescue over port 80 6. and many more
SO WHAT SHOULD WE DO Pin Trust on our own certification chain and validate it at Client Side
WHAT'S THE CATCH 1. What if you get new certificate from a different service provider 2. What if your certificate chain changes 3. What if certificate is revoked 4. What if certificate is stolen 5. What is Client is malacious 6. What if ..... Answer:   You need to update the code everytime certificate changes   ITS EASY PUSH AN UPDATE
SO WHY SHOULD I BOTHER 1. Developers : This hinders attacker from traffic interception. Adds another layer for Attacker to look for. Without Rooting devices its nearly imposible to bypass it so far. 2. Pentesters : This hinders you from inspecting application (be ready for bypasses section)
SSL PINNING IN ANDROID & BYPASS
HOW TO IMPLEMENT SSL PINNING Multiple ways 1. Store Certificate in sqlite and use it directly 2. Store sha1 hashes and compare 3. Store sha1 hash of one element in chain and compare
DEMO DETAILS 1. We have used a helper library called okhttp by square 2. Pins sha1 hashes of entire chain or set of elements in chain
DEMO SSL PINNING
BYPASS DEMO
HOW BYPASS WORKED 1. Xposed Framework Hooks into all Function Calls 2. Whenever request is made for check function inside com.squareup.okhttp.CertificatePinner class, return true   Ref: https://github.com/Fuzion24/JustTrustMe/pull/12
ANDROID DEMO END
SSL PINNING IN IOS & BYPASS
HOW TO IMPLEMENT SSL PINNING 1. Use Third Party helper like 1. SwiftHTTP 2. TrustKit 2. Or Use SecTrustEvaluate via NSURLConnectionDelegate (third party helper basicly are wrapper to do this)
DEMO SSL PINNING
HOW TO BYPASS 1. 2. (superseeds ios-ssl-kill-switch works on 9.0.2 also, doesn't work with itunes/appstore by default) https://github.com/iSECPartners/ios-ssl-kill-switch https://github.com/nabla-c0d3/ssl-kill-switch2
BYPASS DEMO
HOW IT WORKS 1. Leverages Cydia substrate 2. Uses to inject on process 3. Hooks on instead of SecTrustEvaluate or NSURL* as The Secure Transport API is "the lowest-level TLS implementation on iOS" 1. Patch SSLCreateContext(): Disable the built-in certificate validation in all SSL contexts 2. Patch SSLSetSessionOption(): Remove the ability to re-enable the built-in certificate validation 3. Patch SSLHandshake(): Force a trust-all custom certificate validation MobileSubstrate Secure Trasport API Reference: https://nabla-c0d3.github.io/blog/2013/08/20/ios-ssl-kill-switch-v0- dot-5-released/
IOS DEMO END
ANY QUESTIONS
ANANT SHRIVASTAVA Information Security Consultant Admin - Dev - Security null + OWASP + G4H and @anantshri Trainer : Blackhat, RuxCon, NullCon, g0s, c0c0n Speaker : Nullcon, c0c0n, ClubHack, RootConf http://anantshri.info         Android Tamer Code Vigilant
REFERENCES Generic 1. https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning Android 1. 2. https://github.com/square/okhttp https://github.com/Fuzion24/JustTrustMe iOS 1. 2. 3. 4. https://github.com/daltoniam/SwiftHTTP https://github.com/datatheorem/TrustKit https://github.com/iSECPartners/ios-ssl-kill-switch https://github.com/nabla-c0d3/ssl-kill-switch2/

More Related Content

PPTX
Building secure applications with keycloak
byAbhishek Koserwal
 
PPTX
Certificate pinning in android applications
byArash Ramez
 
PDF
"DevOps > CI+CD "
byInnovation Roots
 
PDF
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
PDF
SAML Protocol Overview
byMike Schwartz
 
PDF
The State of DevSecOps
byDevOps Indonesia
 
PPTX
Rest API Security
byStormpath
 
PPTX
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 
Building secure applications with keycloak
byAbhishek Koserwal
 
Certificate pinning in android applications
byArash Ramez
 
"DevOps > CI+CD "
byInnovation Roots
 
API Security Best Practices & Guidelines
byPrabath Siriwardena
 
SAML Protocol Overview
byMike Schwartz
 
The State of DevSecOps
byDevOps Indonesia
 
Rest API Security
byStormpath
 
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 

What's hot

ODP
OWASP Secure Coding
bybilcorry
 
PDF
Introduction to CICD
byKnoldus Inc.
 
PPTX
Jenkins
byMohanRaviRohitth
 
PDF
Threat Modeling Everything
byAnne Oikarinen
 
PPTX
CI/CD
byAmitDhodi
 
PDF
2019 DevSecOps Reference Architectures
bySonatype
 
PPTX
DevSecOps reference architectures 2018
bySonatype
 
PDF
Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka
byEdureka!
 
PDF
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
PPTX
SSL
byBadrul Alam bulon
 
PPT
CI and CD with Jenkins
byMartin Málek
 
PDF
F5 TLS & SSL Practices
byBrian A. McHenry
 
PPTX
Introduction to CI/CD
bySteve Mactaggart
 
PDF
Introduction to SAML 2.0
byMika Koivisto
 
PPTX
Ssl and tls
byRana assad ali
 
PDF
Security Process in DevSecOps
byOpsta
 
PDF
Ssdf nist
byNaveen Koyi
 
PPTX
DEVSECOPS.pptx
byMohammadSaif904342
 
PDF
HTTP Security Headers
byIsmael Goncalves
 
PPTX
Vault
byJean-Philippe Bélanger
 
OWASP Secure Coding
bybilcorry
 
Introduction to CICD
byKnoldus Inc.
 
Jenkins
byMohanRaviRohitth
 
Threat Modeling Everything
byAnne Oikarinen
 
CI/CD
byAmitDhodi
 
2019 DevSecOps Reference Architectures
bySonatype
 
DevSecOps reference architectures 2018
bySonatype
 
Cloud Security Tutorial | Cloud Security Fundamentals | AWS Training | Edureka
byEdureka!
 
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
SSL
byBadrul Alam bulon
 
CI and CD with Jenkins
byMartin Málek
 
F5 TLS & SSL Practices
byBrian A. McHenry
 
Introduction to CI/CD
bySteve Mactaggart
 
Introduction to SAML 2.0
byMika Koivisto
 
Ssl and tls
byRana assad ali
 
Security Process in DevSecOps
byOpsta
 
Ssdf nist
byNaveen Koyi
 
DEVSECOPS.pptx
byMohammadSaif904342
 
HTTP Security Headers
byIsmael Goncalves
 
Vault
byJean-Philippe Bélanger
 

Viewers also liked

PDF
Certificate Pinning in Mobile Applications
byLuca Bongiorni
 
PPTX
Pentesting Android Applications
byCláudio André
 
PDF
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
byAnant Shrivastava
 
PPTX
Penetrating Android Aapplications
byRoshan Thomas
 
PDF
Exploiting publically exposed Version Control System
byAnant Shrivastava
 
PDF
Slides null puliya linux basics
byAnant Shrivastava
 
PPTX
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
byAnant Shrivastava
 
PDF
My tryst with sourcecode review
byAnant Shrivastava
 
PDF
Android Tamer BH USA 2016 : Arsenal Presentation
byAnant Shrivastava
 
PDF
Snake bites : Python for Pentesters
byAnant Shrivastava
 
PDF
Null bhopal Sep 2016: What it Takes to Secure a Web Application
byAnant Shrivastava
 
PDF
OWASP Bangalore : OWTF demo : 13 Dec 2014
byAnant Shrivastava
 
PDF
Android Tamer: Virtual Machine for Android (Security) Professionals
byAnant Shrivastava
 
PDF
Tale of Forgotten Disclosure and Lesson learned
byAnant Shrivastava
 
PDF
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
PDF
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
byAnant Shrivastava
 
PDF
WhitePaper : Security issues in android custom rom
byAnant Shrivastava
 
PDF
Raspberry pi Beginners Session
byAnant Shrivastava
 
PDF
When the internet bleeded : RootConf 2014
byAnant Shrivastava
 
PPT
Web2.0 : an introduction
byAnant Shrivastava
 
Certificate Pinning in Mobile Applications
byLuca Bongiorni
 
Pentesting Android Applications
byCláudio André
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
byAnant Shrivastava
 
Penetrating Android Aapplications
byRoshan Thomas
 
Exploiting publically exposed Version Control System
byAnant Shrivastava
 
Slides null puliya linux basics
byAnant Shrivastava
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
byAnant Shrivastava
 
My tryst with sourcecode review
byAnant Shrivastava
 
Android Tamer BH USA 2016 : Arsenal Presentation
byAnant Shrivastava
 
Snake bites : Python for Pentesters
byAnant Shrivastava
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
byAnant Shrivastava
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
byAnant Shrivastava
 
Android Tamer: Virtual Machine for Android (Security) Professionals
byAnant Shrivastava
 
Tale of Forgotten Disclosure and Lesson learned
byAnant Shrivastava
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
byAnant Shrivastava
 
WhitePaper : Security issues in android custom rom
byAnant Shrivastava
 
Raspberry pi Beginners Session
byAnant Shrivastava
 
When the internet bleeded : RootConf 2014
byAnant Shrivastava
 
Web2.0 : an introduction
byAnant Shrivastava
 

Similar to SSL Pinning and Bypasses: Android and iOS

PDF
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
byNowSecure
 
PDF
Dima Kovalenko - Modern SSL Pinning
byOWASP Kyiv
 
PPTX
Certificate pinning v certificate transparency
byDianaKhersonskaia
 
PDF
Mfp80 certificate pinning
byJorge Iglesias Fernández
 
PPTX
SSL Pinning
byyarden hanan
 
PDF
Certificate Pinning: Not as Simple as It Sounds
bySynopsys Software Integrity Group
 
PDF
Alfresco DevCon 2019: Encryption at-rest and in-transit
byToni de la Fuente
 
PPTX
iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift
byBunty Madan
 
PDF
Android application security testing
byMykhailo Antonishyn
 
PDF
Building Encrypted APIs with HTTPS and Paillier
byNicholas Doiron
 
PPTX
Hacking mobile apps
bykunwaratul hax0r
 
PDF
MCE^3 - Scott Alexander-Bown - Android App Security on a Budget
byPROIDEA
 
PDF
Denis Zhuchinski Ways of enhancing application security
byАліна Шепшелей
 
PDF
SE2016 Android Denis Zhuchinski "Ways of enhancing application security"
byInhacking
 
PDF
Pentesting iOS Apps
byHerman Duarte
 
PDF
Setting Up a Cloud Server - Part 4 - Transcript.pdf
byShaiAlmog1
 
PPTX
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
byDataArt
 
PDF
Avoiding damage, shame and regrets data protection for mobile client-server a...
byStanfy
 
PDF
Microsoft Bluehat 2017: Mobile SSL Interception
byHimanshu Dwivedi
 
PPTX
Mobile security part 2
byRomansh Yadav
 
Cutting out the middleman: Man-in-the-middle attacks and prevention for mobil...
byNowSecure
 
Dima Kovalenko - Modern SSL Pinning
byOWASP Kyiv
 
Certificate pinning v certificate transparency
byDianaKhersonskaia
 
Mfp80 certificate pinning
byJorge Iglesias Fernández
 
SSL Pinning
byyarden hanan
 
Certificate Pinning: Not as Simple as It Sounds
bySynopsys Software Integrity Group
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
byToni de la Fuente
 
iOS Security - Secure-iOS-Guidelines - Apple | iOS | Swift
byBunty Madan
 
Android application security testing
byMykhailo Antonishyn
 
Building Encrypted APIs with HTTPS and Paillier
byNicholas Doiron
 
Hacking mobile apps
bykunwaratul hax0r
 
MCE^3 - Scott Alexander-Bown - Android App Security on a Budget
byPROIDEA
 
Denis Zhuchinski Ways of enhancing application security
byАліна Шепшелей
 
SE2016 Android Denis Zhuchinski "Ways of enhancing application security"
byInhacking
 
Pentesting iOS Apps
byHerman Duarte
 
Setting Up a Cloud Server - Part 4 - Transcript.pdf
byShaiAlmog1
 
"Mobile security: iOS", Yaroslav Vorontsov, DataArt
byDataArt
 
Avoiding damage, shame and regrets data protection for mobile client-server a...
byStanfy
 
Microsoft Bluehat 2017: Mobile SSL Interception
byHimanshu Dwivedi
 
Mobile security part 2
byRomansh Yadav
 

More from Anant Shrivastava

PDF
Diverseccon keynote: My 2 Paisa's on Infosec World
byAnant Shrivastava
 
PPTX
Career In Information security
byAnant Shrivastava
 
PDF
Security Issues in Android Custom ROM
byAnant Shrivastava
 
PDF
Web application finger printing - whitepaper
byAnant Shrivastava
 
PDF
Battle Underground NullCon 2011 Walkthrough
byAnant Shrivastava
 
PDF
Nullcon Hack IM 2011 walk through
byAnant Shrivastava
 
PPT
Avr introduction
byAnant Shrivastava
 
PPT
Embedded Systems : introduction
byAnant Shrivastava
 
PPT
introduction to Lamp Stack
byAnant Shrivastava
 
PPT
Logic Families Electronics
byAnant Shrivastava
 
PPT
Filesystem
byAnant Shrivastava
 
PPT
basic knowhow hacking
byAnant Shrivastava
 
Diverseccon keynote: My 2 Paisa's on Infosec World
byAnant Shrivastava
 
Career In Information security
byAnant Shrivastava
 
Security Issues in Android Custom ROM
byAnant Shrivastava
 
Web application finger printing - whitepaper
byAnant Shrivastava
 
Battle Underground NullCon 2011 Walkthrough
byAnant Shrivastava
 
Nullcon Hack IM 2011 walk through
byAnant Shrivastava
 
Avr introduction
byAnant Shrivastava
 
Embedded Systems : introduction
byAnant Shrivastava
 
introduction to Lamp Stack
byAnant Shrivastava
 
Logic Families Electronics
byAnant Shrivastava
 
Filesystem
byAnant Shrivastava
 
basic knowhow hacking
byAnant Shrivastava
 

Recently uploaded

PPTX
Agentic AI presentation with Python Exercises
byParth Mane
 
PDF
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
PDF
IDSECCONF2025 - Aan Wahyu - Maze–Malware Analysis Platform.pdf
byidsecconf
 
PDF
Raj Jain, Recent Advances, Issues, and Challenges in Cybersecurity, Keynote a...
byrjain51
 
PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PDF
SELinux Policy Management in RHEL - RHCSA+.pdf
byLinuxCert Guru
 
PDF
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
PDF
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
PDF
IDSECCONF2025 - Faisal Ilham - Semi Automating Vulnerability Scanner and Expl...
byidsecconf
 
PDF
Beyond Basics: How to Build Scalable, Intelligent Imagery Pipelines
bySafe Software
 
PDF
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
PDF
THE THREATS OF INSTABILITY IN BRAZIL'S INTERCONNECTED ELECTRICAL SYSTEM AND H...
byFaga1939
 
PDF
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
PDF
Oracle MySQL HeatWave - Complete - Version 3
byLuca Bonesini
 
PDF
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
bywesley chun
 
PDF
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
PPTX
How Design Systems and AI Agents Accelerate Product Delivery Sixt
byBoyan Dimitrov
 
PDF
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
PDF
Linux Foundation Certified System Administrator (LFCS) Exam.pdf
byLinuxCert Guru
 
PDF
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
Agentic AI presentation with Python Exercises
byParth Mane
 
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
IDSECCONF2025 - Aan Wahyu - Maze–Malware Analysis Platform.pdf
byidsecconf
 
Raj Jain, Recent Advances, Issues, and Challenges in Cybersecurity, Keynote a...
byrjain51
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
SELinux Policy Management in RHEL - RHCSA+.pdf
byLinuxCert Guru
 
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
IDSECCONF2025 - Faisal Ilham - Semi Automating Vulnerability Scanner and Expl...
byidsecconf
 
Beyond Basics: How to Build Scalable, Intelligent Imagery Pipelines
bySafe Software
 
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
THE THREATS OF INSTABILITY IN BRAZIL'S INTERCONNECTED ELECTRICAL SYSTEM AND H...
byFaga1939
 
SELinux Basics: Managing SELinux Modes and Context - RHCSA+.pdf
byLinuxCert Guru
 
Oracle MySQL HeatWave - Complete - Version 3
byLuca Bonesini
 
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
bywesley chun
 
IDSECCONF2025 - Budi Rahardjo - Cyber Security and AI.pdf
byidsecconf
 
How Design Systems and AI Agents Accelerate Product Delivery Sixt
byBoyan Dimitrov
 
PMI PMBOK8 Released on November 13, 2025
byScott M. Graffius
 
Linux Foundation Certified System Administrator (LFCS) Exam.pdf
byLinuxCert Guru
 
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
In this document
Powered by AI

An introduction to SSL pinning by Anant Shrivastava, highlighting his background in information security.

Overview of SSL pinning's role in securing communications and addressing vulnerabilities like MITM.

The limitations and challenges of SSL pinning, including updates needed for certificate changes.

Emphasizes the benefits of SSL pinning for developers in preventing traffic interception.

Details on implementing SSL pinning in Android, including methods to store certificates and their hashes.

A practical demonstration of SSL pinning and bypassing techniques in Android applications.

Explains methods for implementing SSL pinning in iOS, including the use of third-party helpers.

Demonstration of SSL pinning in iOS and methods for bypassing it, including relevant tools.

Technical details on how to bypass SSL pinning in iOS apps using custom patching methods.

Open floor for questions and provides references for further reading on SSL pinning and bypass techniques.

SSL Pinning and Bypasses: Android and iOS

  • 1.
    SSL PINNING AND BYPASSES (ANDROID& IOS)   BY ANANT SHRIVASTAVA
  • 2.
    ANANT SHRIVASTAVA Information SecurityConsultant Admin - Dev - Security null + OWASP + G4H and @anantshri Trainer : Blackhat, RuxCon, NullCon, g0s, c0c0n Speaker : Nullcon, c0c0n, ClubHack, RootConf http://anantshri.info         Android Tamer Code Vigilant
  • 3.
    SSL PINNING Another layerto achieve secure communication specially protection against MiTM
  • 4.
    HOW MITM WORKS 1.Add Root CA of interception proxy in Browser. 2. Divert traffic via interception proxy, proxy handles SSL Connection Client <--HTTPS--> Interception Proxy <--HTTPS--> Server 1. Browser validates that certificate is issued by Trusted CA and allows connection BEFORE AFTER
  • 5.
    PKI IS BROKEN 1.System Trust all CA in Trust Store (PortSwigger CA) 2. System Trust's ROOT CA not certification chain 3. Any CA can issue certificate to any website (Diginotar, Trustwave, NIC and many more) 4. Certificate Stolen: Welcome to Revocation hell and CRL Nightmare 5. OCSP to the rescue over port 80 6. and many more
  • 6.
    SO WHAT SHOULDWE DO Pin Trust on our own certification chain and validate it at Client Side
  • 8.
    WHAT'S THE CATCH 1.What if you get new certificate from a different service provider 2. What if your certificate chain changes 3. What if certificate is revoked 4. What if certificate is stolen 5. What is Client is malacious 6. What if ..... Answer:   You need to update the code everytime certificate changes   ITS EASY PUSH AN UPDATE
  • 9.
    SO WHY SHOULDI BOTHER 1. Developers : This hinders attacker from traffic interception. Adds another layer for Attacker to look for. Without Rooting devices its nearly imposible to bypass it so far. 2. Pentesters : This hinders you from inspecting application (be ready for bypasses section)
  • 10.
    SSL PINNING INANDROID & BYPASS
  • 11.
    HOW TO IMPLEMENTSSL PINNING Multiple ways 1. Store Certificate in sqlite and use it directly 2. Store sha1 hashes and compare 3. Store sha1 hash of one element in chain and compare
  • 12.
    DEMO DETAILS 1. Wehave used a helper library called okhttp by square 2. Pins sha1 hashes of entire chain or set of elements in chain
  • 13.
  • 14.
  • 15.
    HOW BYPASS WORKED 1.Xposed Framework Hooks into all Function Calls 2. Whenever request is made for check function inside com.squareup.okhttp.CertificatePinner class, return true   Ref: https://github.com/Fuzion24/JustTrustMe/pull/12
  • 16.
  • 17.
    SSL PINNING INIOS & BYPASS
  • 18.
    HOW TO IMPLEMENTSSL PINNING 1. Use Third Party helper like 1. SwiftHTTP 2. TrustKit 2. Or Use SecTrustEvaluate via NSURLConnectionDelegate (third party helper basicly are wrapper to do this)
  • 19.
  • 20.
    HOW TO BYPASS 1. 2.(superseeds ios-ssl-kill-switch works on 9.0.2 also, doesn't work with itunes/appstore by default) https://github.com/iSECPartners/ios-ssl-kill-switch https://github.com/nabla-c0d3/ssl-kill-switch2
  • 21.
  • 22.
    HOW IT WORKS 1.Leverages Cydia substrate 2. Uses to inject on process 3. Hooks on instead of SecTrustEvaluate or NSURL* as The Secure Transport API is "the lowest-level TLS implementation on iOS" 1. Patch SSLCreateContext(): Disable the built-in certificate validation in all SSL contexts 2. Patch SSLSetSessionOption(): Remove the ability to re-enable the built-in certificate validation 3. Patch SSLHandshake(): Force a trust-all custom certificate validation MobileSubstrate Secure Trasport API Reference: https://nabla-c0d3.github.io/blog/2013/08/20/ios-ssl-kill-switch-v0- dot-5-released/
  • 23.
  • 24.
  • 25.
    ANANT SHRIVASTAVA Information SecurityConsultant Admin - Dev - Security null + OWASP + G4H and @anantshri Trainer : Blackhat, RuxCon, NullCon, g0s, c0c0n Speaker : Nullcon, c0c0n, ClubHack, RootConf http://anantshri.info         Android Tamer Code Vigilant
  • 26.