Break through SSL Pinning to capture packets

1 Introduction

1. Problems encountered

While doing app penetration testing I ran into a problem: when I tried to capture the app's traffic with Burp Suite or Stream, it reported that the certificate was invalid.


2. Break through SSL Pinning

1. SSL Pinning

SSL Pinning, also called SSL certificate binding, means that after the client receives the server's certificate it does not merely check that the chain leads to a trusted root: it compares the certificate (or its public key) against a copy embedded in the app, and if they do not match it tears the connection down. That is why a proxy's re-issued certificate is rejected even when the proxy's CA has been installed on the device. This is also why my network requests failed after I set up a proxy earlier, though not every failure of this kind is caused by pinning.
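To make that check concrete, the following is an added example in Python (not code from the original post, and not how SSL Kill Switch 2 or any particular app implements it). It uses only the standard library: a tiny DER encoder builds constructed, structurally valid but unsigned X.509 certificates for a fake server chain and a fake intercepting-proxy chain, spki_pin computes the usual base64(SHA-256(DER SubjectPublicKeyInfo)) pin, and chain_matches_pins applies the pinning rule. The crude system_trust_accepts stand-in shows why installing the proxy CA on the phone is not enough: the proxy chain then passes the trust-store check but still fails the pin. All keys, serials and the names of these helpers are assumptions made for the example.

```python
import base64
import hashlib

# ---- minimal DER encoder, just enough to build a constructed X.509 certificate ----
def der_len(n):
    """DER length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_seq(*parts):
    return der_tlv(0x30, b"".join(parts))

def der_int(n):
    # one byte of headroom keeps the top bit clear (DER INTEGERs are signed)
    return der_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

OID_SHA256_RSA = der_tlv(0x06, bytes.fromhex("2a864886f70d01010b"))  # 1.2.840.113549.1.1.11
OID_RSA = der_tlv(0x06, bytes.fromhex("2a864886f70d010101"))         # 1.2.840.113549.1.1.1
NULL = b"\x05\x00"

def rsa_spki(modulus, exponent=65537):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING { RSAPublicKey } }"""
    rsa_public_key = der_seq(der_int(modulus), der_int(exponent))
    return der_seq(der_seq(OID_RSA, NULL), der_tlv(0x03, b"\x00" + rsa_public_key))

def make_cert(serial, spki):
    """Structurally valid, unsigned X.509 v3 Certificate (constructed test data: empty
    issuer/subject/validity and a dummy signature; only the field layout matters here)."""
    tbs = der_seq(
        der_tlv(0xA0, der_int(2)),          # [0] EXPLICIT version v3
        der_int(serial),
        der_seq(OID_SHA256_RSA, NULL),      # signature algorithm
        der_seq(),                          # issuer (empty Name)
        der_seq(),                          # validity (empty)
        der_seq(),                          # subject (empty Name)
        spki,
    )
    return der_seq(tbs, der_seq(OID_SHA256_RSA, NULL), der_tlv(0x03, b"\x00" + b"\xde\xad" * 4))

# ---- the pin check a pinning client performs on every TLS handshake ----
def der_read(buf, pos):
    """Parse one TLV header at pos; return (tag, content_start, content_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, pos + 2, pos + 2 + first
    n = first & 0x7F
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    return tag, pos + 2 + n, pos + 2 + n + length

def der_children(buf, start, end):
    """Yield the raw TLV bytes of each element inside a constructed value."""
    pos = start
    while pos < end:
        _, _, content_end = der_read(buf, pos)
        yield buf[pos:content_end]
        pos = content_end

def extract_spki(cert_der):
    """Pull the raw DER SubjectPublicKeyInfo out of a Certificate. TBSCertificate order:
    [0] version (optional), serial, signature, issuer, validity, subject, subjectPublicKeyInfo."""
    _, cert_start, _ = der_read(cert_der, 0)                 # Certificate SEQUENCE
    _, tbs_start, tbs_end = der_read(cert_der, cert_start)   # tbsCertificate SEQUENCE
    fields = list(der_children(cert_der, tbs_start, tbs_end))
    if fields[0][0] == 0xA0:                                 # skip the explicit version tag
        fields = fields[1:]
    return fields[5]

def spki_pin(cert_der):
    """RFC 7469 / OkHttp / TrustKit style pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def chain_matches_pins(chain, pinned):
    """Pinning rule: the handshake passes only if SOME cert in the presented chain has a pinned key."""
    return any(spki_pin(cert) in pinned for cert in chain)

def system_trust_accepts(chain, trusted_roots):
    """Crude stand-in for the OS trust store: does the chain end at an installed root?"""
    return spki_pin(chain[-1]) in trusted_roots

# ---- constructed scenario: the real server chain versus an intercepting proxy's chain ----
real_leaf = make_cert(1, rsa_spki(0xC0FFEE0001))
real_root = make_cert(2, rsa_spki(0xC0FFEE0002))
REAL_CHAIN = [real_leaf, real_root]

proxy_leaf = make_cert(1001, rsa_spki(0xBADC0DE0001))  # proxy re-issues the server cert under its own key
proxy_ca = make_cert(1000, rsa_spki(0xBADC0DE0002))    # the CA you install on the phone for the proxy
PROXY_CHAIN = [proxy_leaf, proxy_ca]

APP_PINS = {spki_pin(real_leaf)}                       # shipped inside the app binary
OS_ROOTS = {spki_pin(real_root)}                       # trust store before installing the proxy CA
OS_ROOTS_WITH_PROXY = OS_ROOTS | {spki_pin(proxy_ca)}  # trust store after installing it

def evaluate(chain, trusted_roots, pins):
    """Return (trust store ok, pin ok): a pinning app needs both to be True."""
    return system_trust_accepts(chain, trusted_roots), chain_matches_pins(chain, pins)

if __name__ == "__main__":
    print("direct   :", evaluate(REAL_CHAIN, OS_ROOTS, APP_PINS))                # (True, True)
    print("via proxy:", evaluate(PROXY_CHAIN, OS_ROOTS_WITH_PROXY, APP_PINS))   # (True, False)
```

The second result is exactly the situation in the screenshot: the OS is happy with the proxy's certificate because its CA was installed, but the app's own pin comparison fails and it drops the connection. A tool like SSL Kill Switch 2 works by neutralising that comparison inside the system TLS stack rather than by forging a matching key, which is impossible without the server's private key.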

2. Solutions

For iOS apps, SSL Pinning is bypassed here with SSL Kill Switch 2.

What you need:

  • A jailbroken iOS phone
  • The Debian Packager package
  • The Cydia Substrate package
  • The PreferenceLoader package
  • The SSL Kill Switch 2 deb package

First copy the downloaded deb package onto the jailbroken iOS phone.

Install the three supporting packages (Debian Packager, Cydia Substrate, PreferenceLoader) from Cydia, one at a time.

SSH into the phone and run the following commands in order to install the package and reload SpringBoard:

dpkg -i com.nablac0d3.sslkillswitch2_0.13.deb
killall -HUP SpringBoard
iPhone:~ root# ls
Application Support  Library  Media  com.nablac0d3.sslkillswitch2_0.13.deb
iPhone:~ root# dpkg -i com.nablac0d3.sslkillswitch2_0.13.deb
Selecting previously unselected package com.nablac0d3.sslkillswitch2.
(Reading database ... 2959 files and directories currently installed.)
Preparing to unpack com.nablac0d3.sslkillswitch2_0.13.deb ...
Unpacking com.nablac0d3.sslkillswitch2 (0.13-1+debug) ...
Setting up com.nablac0d3.sslkillswitch2 (0.13-1+debug) ...
iPhone:~ root# killall -HUP SpringBoard

After running the commands, check the installed packages: the SSL Kill Switch 2 package is now listed.

After rebooting I found SSL Kill Switch 2 in Settings. If it is not there, the phone may not be fully jailbroken after the reboot; once it is jailbroken again it appears in Settings.

Turn on the switch in the SSL Kill Switch 2 settings pane, relaunch the target app and capture again; the traffic now shows up in the proxy. Note that this disables certificate validation in the system TLS stack, so an app that bundles its own TLS library or performs its own pin comparison may still refuse the proxy's certificate and need a per-app hook instead.


Source: blog.csdn.net/ssjjtt1997/article/details/101435644