I have an application for which I need to do performance testing, but it has pinning enabled, due to which I am not able to capture traffic. Are there any specific tools which can help me capture the traffic?
How can I capture traffic of an Android application having pinning enabled?
471 Views Asked by Jade At
SSL Pinning is an additional layer of security implemented on the client side to let the mobile application trust only a particular SSL certificate during HTTPS connection establishment, and not the certificates installed in the device trust store. Since the implementation is a client-side implementation, it can be easily bypassed using the following techniques:
Automated Approach
- Xposed modules such as SSLUnpinning 2.0.
- FRIDA (Dynamic Instrumentation Tool) - Universal SSL Pinning Bypass Script.
- Inspeckage - Android Package Inspector.
Manual Approach
I feel this is the last, a bit complex, and the most reliable solution for bypassing SSL Pinning. The following are the steps to perform the same.
- Understand the implementation of SSL Pinning. You can refer to this Medium blog which explains the implementation of SSL Pinning using different network libraries such as OkHttp, Volley, Retrofit etc.
- Analyze the responsible method and map the same with the SMALI code.
Once the responsible method is analyzed and identified, we can use the following approach for bypassing SSL Pinning:
Tampering Application
- Tamper the SMALI code to bypass SSL Pinning.
- Re-build the application using APKTool.
- Re-sign and install the application and capture the traffic.
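The client-side check described at the start of the answer, as an added example that is not part of the original answer: it computes a pin in the `sha256/<base64>` notation OkHttp uses and shows why an interception proxy's certificate is refused whatever the device trust store contains. The certificates are constructed DER skeletons rather than real ones, and `der`, `read_tlv`, `spki_pin`, `fake_cert` and `connection_allowed` are hypothetical names.

```python
import base64
import hashlib

def der(tag, body):  # encode one DER TLV with a definite length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the TLV at pos
    tag, first = buf[pos], buf[pos + 1]
    start, n = pos + 2, first
    if first & 0x80:                      # long form: next k bytes hold the length
        k = first & 0x7F
        start = pos + 2 + k
        n = int.from_bytes(buf[pos + 2:start], "big")
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + n

def spki_pin(cert):
    """Pin as sha256/ + base64(SHA-256(SubjectPublicKeyInfo))."""
    _, tbs_at, _ = read_tlv(cert, 0)      # Certificate -> tbsCertificate
    _, pos, end = read_tlv(cert, tbs_at)
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(cert, pos)
        fields.append((tag, pos, nxt))
        pos = nxt
    if fields[0][0] == 0xA0:              # optional [0] version
        fields.pop(0)
    # serial, signature, issuer, validity, subject, then SubjectPublicKeyInfo
    _, start, stop = fields[5]
    digest = hashlib.sha256(cert[start:stop]).digest()
    return "sha256/" + base64.b64encode(digest).decode()

def fake_cert(key):
    """Constructed certificate skeleton (not a valid cert) around a raw key."""
    alg = der(0x30, der(0x06, bytes.fromhex("2a8648ce3d0201")))
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    tbs = der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg + der(0x30, b"") * 3 + spki
    return der(0x30, der(0x30, tbs) + alg + der(0x03, b"\x00sig"))

def connection_allowed(cert, pins):  # trust store contents play no part here
    return spki_pin(cert) in pins

SERVER = fake_cert(b"\x04" + b"\x11" * 64)   # constructed server key
PROXY = fake_cert(b"\x04" + b"\x22" * 300)   # constructed interception-proxy key
PINS = {spki_pin(SERVER)}                    # pin set the app would ship with
```

A pin is always `sha256/` followed by 44 base64 characters (32 digest bytes), because the hash covers the whole SubjectPublicKeyInfo structure rather than the raw key.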