Fuzion24 / JustTrustMe

An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

JustTrustMe

An xposed module that disables SSL certificate checking. This is useful for auditing an application which does certificate pinning. There also exists a nice framework built by @moxie to aid in pinning certs in your app: certificate pinning.

An example of an application that does cert pinning is Twitter. If you would like to view the network traffic for this application, you must disable the certificate pinning.

I built this for xposed rather than cydia substrate because xposed seems to support newer devices better. Marc Blanchou wrote the original tool for cydia substrate. If you find that you are not able to MITM an application, please file an issue.

Installation

As a prerequisite, your device must be rooted and the xposed framework must be installed. You can download the xposed framework here.

Install from binary

The JustTrustMe binary can be downloaded from https://github.com/Fuzion24/JustTrustMe/releases/latest

adb install ./JustTrustMe.apk

or navigate here and download the APK on your phone: https://github.com/Fuzion24/JustTrustMe/releases/latest

Build from Source

All the normal gradle build commands apply. To build a release APK:

./gradlew assembleRelease

To install directly to the phone connected via ADB:

./gradlew installRelease