![]() ![]() ![]() Overwriting a packaged CA cert with a custom CA cert.Adding a custom CA to the trusted certificate store.In this blog I’ll go through 4 techniques you can use to bypass SSL certificate checks on Android: As pentesters, we’d like to convince the app that our certificate is valid and trusted so we can man-in-the-middle (MITM) it and modify its traffic. Instead, most modern applications at least check that the certificate presented chains to a valid, trusted certificate authority (CA). Gone are the days when mobile applications stoically ignored all manner of SSL errors and allowed you to intercept and modify their traffic at will. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |