undefined | Better HN

0 pointsmartinald10y ago0 comments

Certificate pinning is easy to defeat.

0 comments

3 comments · 1 top-level

neximo410y ago· 2 in thread

Doesn't exactly answer the question..

If you can run the app on a jailbroken/rooted device, it's fairly easy to beat certificate pinning in a few different ways. Two that come to mind are:

* find the certificate file in the app and replace it with your own.

* hook the function that verifies the certificate and make it return true.

neximo410y ago

If you tried reversing the app in question, none of these methods work as the app has a couple of protections against changing its code.

j / k navigate · click thread line to collapse