Bypass SSL Certificate Pinning In IOS


How to find SSL Pinning is implemented in source code?

By searching for strings like "NSURLConnection", it would show you piece of code with pinning.



Below are the Steps to Intercept the apps on IOS and Bypassing SSL Pinning.

1) Configure the IOS device (Jailbroken) and auditor laptop on same network. Set the proxy settings in IOS device to point to auditor laptop.



2) Then import the Burpsuite CA certificate to IOS device (Best method is to email cert to device). Then install the certificate on device.



3) Then download the latest release of IOS-SSL-KILLSWITCH (i.e. *.deb file) and copy the same to device. Exit the Cydia before installation of Kill switch (otherwise you get space error).



4) After successful installation the IOS SSL Kill switch start appearing under Settings. Toggle the switch will Enable/Disable Pinning.

 



Note: We tested this on Jailbroken IOS 8.1.2 and iOS SSL Kill Switch v0.6

** Update :- Its recommended to use the latest release of iOS SSL Kill Switch 2 by Alban Diquet.

Comments

  1. Cyber security is one of the most important measures that we should consider. Thanks for the great piece of content. The info is great.

    ReplyDelete
  2. Very nice article. I am getting space error while installing. Can you please point 3 in little more detail?

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. I agree so much. we should all be reinforcing positive feedback within the comment sections. So many good points to take into consideration.
    When people have good things to say about my web site Prasoon Kumar Arya it really makes positive impact.

    ReplyDelete
  5. Your post is really good thanks for sharing these kind of post but if anyone looking for Best Consulting Firm for Fake Experience Certificate Providers in noida, India with Complete Documents So Dreamsoft Consultancy is the Best Place.Further Details Here- 9599119376 or VisitWebsite-https://experiencecertificates.com/experience-certificate-provider-in-Noida.html

    ReplyDelete

Post a Comment

Popular Posts