Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Does this work with apps that do their own TLS using their own pinned certs? I don't see how it could. Surely that's a lot of high profile apps these days.

If this app works without root, it must be possible to apps on iPhone to add their own certificates to the system, which are then trusted by other applications - that would already be pretty alarming. I think Android still requires certificates to be manually imported by the user. Maybe this app points you to instructions on how to do this, but the description makes it sound very automatic.



If you've got a Jailbroken phone, this post explains how to extract the TLS keys (to decrypt the traffic) using a Frida script

https://andydavies.me/blog/2019/12/12/capturing-and-decrypti...


For sure, it can be done, I was just thinking that MITMing yourself on iPhone is not so easy these days as just installing this one app.


You can add an ssl certificate but if they do cert pinning then it breaks. Most don’t do cert pinning.


No, you’d need to jailbreak or modify the application for that.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: