Discover and read the best of Twitter Threads about #SSLPinning
Most recents (1)
Okay folks, let's talk about bypassing #SSLPinning in #Android applications.
It's going to be a bit long Twitter 🧵
It's going to be a bit long Twitter 🧵
First, let's talk about SSL Pinning.
It's "pinning" some content of your website's public SSL certificate to your Android app.
It can be hash from your leaf cert, intermediate CA or even root CA.
It's "pinning" some content of your website's public SSL certificate to your Android app.
It can be hash from your leaf cert, intermediate CA or even root CA.
SSL Pinning makes sure that the your Android app is talking to your server over HTTPS.
If you pin the hash of leaf cert, it mitigates your app connecting to any other HTTPS server whose SSL cert is issued by a CA that the device trusts.
If you pin the hash of leaf cert, it mitigates your app connecting to any other HTTPS server whose SSL cert is issued by a CA that the device trusts.
