`
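/// Answers a task-level authentication challenge, giving TrustKit the first chance to
/// validate the server's certificate chain against the configured pins.
///
/// TrustKit is configured with `kTSKSwizzleNetworkDelegates: false`, so this explicit call is
/// the place where pinning is enforced. A request that never reaches this delegate method is
/// not pinned at all.
///
/// NOTE(review): server-trust challenges are session-level. URLSession documents that it
/// delivers them to this task-level method only when the session delegate does not implement
/// `urlSession(_:didReceive:completionHandler:)`. Confirm that neither the superclass nor this
/// class implements it, and that every session carrying sensitive traffic uses this delegate.
///
/// - Parameters:
///   - session: The session that owns the task.
///   - task: The task whose request triggered the challenge.
///   - challenge: The authentication challenge to answer.
///   - completionHandler: Called exactly once, either by TrustKit or by this method.
public override func urlSession(_ session: URLSession,
                                task: URLSessionTask,
                                didReceive challenge: URLAuthenticationChallenge,
                                completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    let protectionSpace = challenge.protectionSpace
    let isServerTrust = protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust

    guard NetworkUtil.isTrustKitInitialized else {
        // Fail-open: without a TrustKit configuration the system trust store decides, so any CA
        // the device trusts (including a user-installed one) is accepted. Log it so the missing
        // pin check shows up in diagnostics instead of passing silently.
        if isServerTrust {
            DDLogWarn("SSL pinning skipped for \(protectionSpace.host): TrustKit is not initialized")
        }
        completionHandler(.performDefaultHandling, nil)
        return
    }

    // handle(_:completionHandler:) returns true when TrustKit took the decision and called the
    // completion handler itself. That decision may be a rejection, so true does not mean the
    // chain was accepted.
    let handledByTrustKit = TrustKit.sharedInstance().pinningValidator.handle(challenge, completionHandler: completionHandler)

    guard handledByTrustKit else {
        // TrustKit declined: the challenge was not for server trust, or the host has no pin
        // configuration. Default handling applies, which is also fail-open for unpinned hosts.
        if isServerTrust {
            DDLogWarn("SSL pinning not applied for \(protectionSpace.host): no pin configuration matched")
        }
        completionHandler(.performDefaultHandling, nil)
        return
    }

    DDLogDebug("SSL pinning challenge handled by TrustKit")
}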
// urlStr is passed here as an argument based on the user's selection of environment.
// Builds a TrustKit configuration that pins only the host of urlStr, initialises the shared
// TrustKit instance with it, and then sets isTrustKitInitialized.
// If SSLKeys() returns nil, urlStr does not parse as a URL, or the URL has no host, nothing
// below runs and this code leaves isTrustKitInitialized unchanged. The delegate that checks
// NetworkUtil.isTrustKitInitialized then answers every challenge with .performDefaultHandling,
// so pinning is silently off. NOTE(review): consider logging or failing loudly in that case.
if let sslKeys = Constants.SSLKeys(),
let url = URL(string: urlStr),
let domain = url.host {
let trustKitConfig = [
// Swizzling is disabled, so TrustKit does not hook URLSession delegates on its own. Pins are
// checked only where the app calls pinningValidator explicitly.
kTSKSwizzleNetworkDelegates: false,
kTSKPinnedDomains: [
// Only this one host (plus its subdomains, see below) is pinned. Traffic to any other host
// is validated by default trust evaluation alone.
domain: [
// Reject the connection on a pin mismatch instead of only reporting it.
kTSKEnforcePinning: true,
// Apply the same pins to subdomains of `domain`.
kTSKIncludeSubdomains: true,
// NOTE(review): TrustKit expects a backup pin in addition to the live key's hash. Confirm
// that SSLKeys() returns at least two entries for every selectable environment.
kTSKPublicKeyHashes: sslKeys
]
]
] as [String: Any]
// NOTE(review): the shared instance is meant to be initialised once per process. Confirm this
// path cannot run a second time when the user switches environment.
TrustKit.initSharedInstance(withConfiguration: trustKitConfig)
isTrustKitInitialized = true
}
}
`
We are using Burp Suite to inspect the network traffic (we set up a proxy server and route the iPhone through it), and we can read all communication in plaintext.
This code used to work, but on the latest iOS it no longer appears to. I would appreciate any help.
Hello,
Below is the code we have written
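`
/// Answers a task-level authentication challenge, giving TrustKit the first chance to
/// validate the server's certificate chain against the configured pins.
///
/// Pinning is enforced only where this explicit call to TrustKit runs. A request that never
/// reaches this delegate method is not pinned at all.
///
/// NOTE(review): server-trust challenges are session-level. URLSession documents that it
/// delivers them to this task-level method only when the session delegate does not implement
/// `urlSession(_:didReceive:completionHandler:)`. Confirm that neither the superclass nor this
/// class implements it, and that every session carrying sensitive traffic uses this delegate.
///
/// - Parameters:
///   - session: The session that owns the task.
///   - task: The task whose request triggered the challenge.
///   - challenge: The authentication challenge to answer.
///   - completionHandler: Called exactly once, either by TrustKit or by this method.
public override func urlSession(_ session: URLSession,
                                task: URLSessionTask,
                                didReceive challenge: URLAuthenticationChallenge,
                                completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    let protectionSpace = challenge.protectionSpace
    let isServerTrust = protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust

    guard NetworkUtil.isTrustKitInitialized else {
        // Fail-open: without a TrustKit configuration the system trust store decides, so any CA
        // the device trusts (including a user-installed one) is accepted. Log it so the missing
        // pin check shows up in diagnostics instead of passing silently.
        if isServerTrust {
            DDLogWarn("SSL pinning skipped for \(protectionSpace.host): TrustKit is not initialized")
        }
        completionHandler(.performDefaultHandling, nil)
        return
    }

    // handle(_:completionHandler:) returns true when TrustKit took the decision and called the
    // completion handler itself. That decision may be a rejection, so true does not mean the
    // chain was accepted.
    let handledByTrustKit = TrustKit.sharedInstance().pinningValidator.handle(challenge, completionHandler: completionHandler)

    guard handledByTrustKit else {
        // TrustKit declined: the challenge was not for server trust, or the host has no pin
        // configuration. Default handling applies, which is also fail-open for unpinned hosts.
        if isServerTrust {
            DDLogWarn("SSL pinning not applied for \(protectionSpace.host): no pin configuration matched")
        }
        completionHandler(.performDefaultHandling, nil)
        return
    }

    DDLogDebug("SSL pinning challenge handled by TrustKit")
}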
//FILE: NetworkUtil.swift static func initializeTrustKit(urlStr: String) {
`
We are using Burp Suite to inspect the network traffic (we set up a proxy server and route the iPhone through it), and we can read all communication in plaintext.
This code used to work, but on the latest iOS it no longer appears to. I would appreciate any help.