Nytro Posted January 26, 2014 Report Posted January 26, 2014 [h=1]iOS SSL Kill Switch[/h]Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps. [h=2]Description[/h] Once installed on a jailbroken device, iOS SSL Kill Switch patches low-level SSL functions within the Secure Transport API, including SSLSetSessionOption() and SSLHandshake() in order to override and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning). It was successfully tested against the Twitter, Facebook, Square and Apple App Store apps; all of them implement certificate pinning. iOS SSL Kill Switch was initially released at Black Hat Vegas 2012. For more technical details on how it works, see iOS SSL Kill Switch v0.5 Released | In Security [h=2]Installation[/h] Users should first download the latest pre-compiled Debian package available in the release section of the project page at: https://github.com/iSECPartners/ios-ssl-kill-switch/releases The tool was tested on iOS7 running on an iPhone 5S. [h=3]Dependencies[/h] iOS SSL Kill Switch will only run on a jailbroken device. Using Cydia, make sure the following packages are installed:dpkgMobileSubstratePreferenceLoaderSursa: https://github.com/iSECPartners/ios-ssl-kill-switch Quote
