The Ultimate Guide to Android SSL Pinning Bypass

Covers everything you need to know about Android SSL Pinning Bypass.

Content Overview

Most mobile applications that process payments or PII implement SSL pinning. The OWASP Mobile Appsec Standard even recommends it for apps handling sensitive data. This guide walks you through SSL pinning basics, how it is implemented, and the various tools and methods used to bypass this protection in Android apps.

The ebook covers both the offensive and defensive sides of SSL pinning and includes the following:

  • What is SSL Pinning

  • What is Not SSL Pinning

  • How is SSL Pinning Implemented

  • How to Identify if SSL Pinning is Enabled

  • Bypassing SSL Pinning

      - Lower Android Version

      - Using Frida Gadgeting

      - Taint Analysis using Frida

      - Using JustTrustMe - Xposed Module

      - Using Objection framework

      - Network Security Config Modification

      - Frida Injection

      - Miscellaneous (Android Trustkiller, Inspeckage, etc.)

About the Author

Chandrapal is a Security Researcher with deep knowledge of defensive as well as offensive security roles. He has a strong hands-on understanding of applications built with modern security standards and architectures.

In the past few engagements, he found some exceptional ways to bypass SSL pinning, and hence he discusses SSL pinning in detail in this e-book.
