Android-SSL-TrustKiller

Blackbox tool to bypass SSL certificate pinning for most applications running on a device.

Description

This tool leverages Cydia Substrate to hook various methods in order to bypass certificate pinning by accepting any SSL certificate.

Usage

Ensure that Cydia Substrate has been deployed on your test device. The installer requires a rooted device and can be found on the Google Play store at https://play.google.com/store/apps/details?id=com.saurik.substrate&hl=en
Download the pre-compiled APK available at https://github.com/iSECPartners/Android-SSL-TrustKiller/releases

Install the APK package on the device:

  adb install Android-SSL-TrustKiller.apk

Add the CA certificate of your proxy tool to the device's trust store.

Notes

Use only on a test devices as anyone on the same network can intercept traffic from a number of applications including Google apps. This extension will soon be integrated into Introspy-Android (https://github.com/iSECPartners/Introspy-Android) in order to allow you to proxy only selected applications.

License

See ./LICENSE.

Authors

Marc Blanchou

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
.settings		.settings
bin		bin
libs		libs
res		res
src/com/android/SSLTrustKiller		src/com/android/SSLTrustKiller
.classpath		.classpath
.project		.project
AndroidManifest.xml		AndroidManifest.xml
LICENSE.txt		LICENSE.txt
README.md		README.md
ic_launcher-web.png		ic_launcher-web.png
proguard-project.txt		proguard-project.txt
project.properties		project.properties

License

iSECPartners/Android-SSL-TrustKiller

Folders and files

Latest commit

History

Repository files navigation

Android-SSL-TrustKiller

Description

Usage

Notes

License

Authors

About

Resources

License

Stars

Watchers

Forks

Languages