Skip to content

iSECPartners/Android-SSL-TrustKiller

Repository files navigation

Android-SSL-TrustKiller

Blackbox tool to bypass SSL certificate pinning for most applications running on a device.

Description

This tool leverages Cydia Substrate to hook various methods in order to bypass certificate pinning by accepting any SSL certificate.

Usage

Notes

Use only on a test devices as anyone on the same network can intercept traffic from a number of applications including Google apps. This extension will soon be integrated into Introspy-Android (https://github.com/iSECPartners/Introspy-Android) in order to allow you to proxy only selected applications.

License

See ./LICENSE.

Authors

Marc Blanchou