Most mobile applications that process payments or PII use SSL pinning. The OWASP Mobile Appsec Standard even recommends it for apps handling sensitive data. This guide walks you through SSL pinning basics, how it is implemented, and the various tools and methods used to bypass such protection in Android apps.
The ebook covers both the offensive and defensive sides of SSL pinning and includes the following:
- Lower Android Version
- Using Frida Gadgeting
- Taint Analysis using Frida
- Using JustTrustMe - Xposed Module
- Using Objection framework
- Network Security Config Modification
- Frida Injection
- Miscellaneous (Android Trustkiller, Inspeckage, etc.)
