Nytro Posted November 13, 2014 Report Posted November 13, 2014 Android-SSL-TrustKiller Blackbox tool to bypass SSL certificate pinning for most applications running on a device. Description This tool leverages Cydia Substrate to hook various methods in order to bypass certificate pinning by accepting any SSL certificate. UsageEnsure that Cydia Substrate has been deployed on your test device. The installer requires a rooted device and can be found on the Google Play store at https://play.google.com/store/apps/details?id=com.saurik.substrate&hl=en Download the pre-compiled APK available at https://github.com/iSECPartners/Android-SSL-TrustKiller/releases Install the APK package on the device: adb install Android-SSL-TrustKiller.apk Add the CA certificate of your proxy tool to the device's trust store. Notes Use only on a test devices as anyone on the same network can intercept traffic from a number of applications including Google apps. This extension will soon be integrated into Introspy-Android (https://github.com/iSECPartners/Introspy-Android) in order to allow you to proxy only selected applications. License See ./LICENSE. Authors Marc BlanchouSursa: https://github.com/iSECPartners/Android-SSL-TrustKiller Quote
