Sitemap

A list of all the posts and pages found on the site. For you robots out there, there is an XML version available for digesting as well.

Pages

Posts

Bypass SSL Pinning on iOS

13 minute read


0x0 Background

By default, HTTPS only ensures that the communication between two parties is not intercepted by a third party after the key exchange is completed. If an attacker launches a man-in-the-middle attack, they can still establish a connection and capture the communication content because many library functions do not verify the server certificate by default. Many sensitive apps verify the server certificate to ensure that even if the device communication is completely hijacked, the communication data will not be leaked. If the certificate received during the HTTPS handshake is not issued by a specified CA or is not a specified certificate, the communication will be rejected. iOS provides related library functions and sample code to help developers complete this part of the work (0x4). Additionally, several widely used network libraries in iOS also provide corresponding methods to verify server certificates (0x2 and 0x3).

publications

Paper Title Number 4

Published in GitHub Journal of Bugs, 2024

This paper is about fixing template issue #693.

Recommended citation: Your Name, You. (2024). "Paper Title Number 3." GitHub Journal of Bugs. 1(3).