search

datatheorem / TrustKit

Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.
MIT License
2.01k stars 362 forks source link

SSL pinning not working on the Webview request domain #238

Closed RajeshCentrica closed 3 years ago

RajeshCentrica commented 3 years ago

Hi,

When loading the request URL on the UIWebview and do intercept the request URL using Charles we can see the all the request and response. Does TrustKit support Webview SSL pinning?

SDK TrustKit version 1.6.5 We are passing the valid kTSKPublicKeyHashes.

Sample code snippet

        let trustKitConfig = [
            kTSKSwizzleNetworkDelegates: true,
            kTSKPinnedDomains: [
                “www.requestdomain.com”: [
                    kTSKIncludeSubdomains : true,
                    kTSKPublicKeyAlgorithms: [kTSKAlgorithmRsa2048],
                    kTSKPublicKeyHashes: [
                        “HashKey1”,
                        "HashKey2”
                    ],]]] as [String : Any]
        TrustKit.initialize(withConfiguration: trustKitConfig)

Please assist on this issue.

nabla-c0d3 commented 3 years ago

Hello, Trustkit does not support UIWebView,, but it does support WKWebView (https://developer.apple.com/documentation/webkit/wkwebview?language=objc).

RajeshCentrica commented 3 years ago

Hi @nabla-c0d3

Thanks for details.

We used WKWebView only but it is in the react-native library

We load the URL on WKWebView but TrustKit used from Native side. SSL pinning happened API domain request(API layer managed from React native side).

The SSL pinning not happened WKWebView URL request.

Please let me know if any changes need to be done from the Native side?

dipendra-sharma commented 2 years ago

@nabla-c0d3 Any help on this?

We load the URL on WKWebView but TrustKit used from Native side. SSL pinning happened API domain request(API layer managed from React native side).