Bypass SSL Pinning on iOS
0x0 Background
By default, HTTPS only ensures that, once the key exchange is complete, the communication between the two parties cannot be intercepted by a third party. An attacker who mounts a man-in-the-middle attack can still establish the connection and capture the traffic, because many library functions do not verify the server certificate by default. Many sensitive apps therefore verify the server certificate themselves (SSL pinning), so that even if the device's communication is completely hijacked, the data is not leaked: if the certificate received during the HTTPS handshake was not issued by a specified CA, or is not a specified certificate, the connection is rejected. iOS provides library functions and sample code to help developers implement this check (0x4), and several widely used iOS networking libraries also provide methods for verifying server certificates (0x2 and 0x3).
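The check described above, as an added Swift example that is not code from the original post: a `URLSession` delegate that rejects the connection unless the server's leaf certificate ("specified certificate") or one of its issuers ("specified CA") matches a pinned SHA-256 fingerprint. The class name `PinningDelegate` and both pin values are placeholders; it assumes iOS 15 or later (for `SecTrustCopyCertificateChain`) and a server chain that also validates against the system trust store.

```swift
import Foundation
import Security
import CryptoKit

// Added example: pins are SHA-256 digests of DER-encoded certificates.
// Both pin values are placeholders, not real fingerprints. An empty set disables that mode.
final class PinningDelegate: NSObject, URLSessionDelegate {
    // "Specified certificate" mode: the leaf must match one of these.
    private let pinnedLeafHashes: Set<String> = ["<sha256-hex-of-server-certificate>"]
    // "Specified CA" mode: some issuer in the chain must match one of these.
    private let pinnedCAHashes: Set<String> = ["<sha256-hex-of-issuing-ca-certificate>"]

    private func sha256Hex(_ cert: SecCertificate) -> String {
        let der = SecCertificateCopyData(cert) as Data
        return SHA256.hash(data: der).map { String(format: "%02x", $0) }.joined()
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Step 1: ordinary chain and hostname validation must still pass.
        var error: CFError?
        guard SecTrustEvaluateWithError(trust, &error),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Step 2: accept only if the leaf or one of its issuers matches a pin.
        let leafOK = pinnedLeafHashes.contains(sha256Hex(leaf))
        let caOK = chain.dropFirst().contains { pinnedCAHashes.contains(sha256Hex($0)) }
        if leafOK || caOK {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            // The chain is valid for the system trust store but is not the
            // expected certificate or CA: reject the connection.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```

Pinning the whole certificate means the pin must be updated whenever the server certificate is renewed, which is why shipping at least one backup pin is common practice.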