Open kaerbannog opened 7 months ago
Do you know why this is required in your case?
Currently we don't hook OkHostnameVerifier because I think it shouldn't be required if your interception setup is working correctly. It's really just verifying that the hostname matches the certificate with normal TLS rules - it shouldn't be pinning anything.
If there's a case where this doesn't work, it'd be great if you could share an example I can test!
Ok, I understand your point. As far as I can see (not sure, lots of obfuscation), the hash of the certificate is hardcoded, so the match failed. I can't share the APK, sorry :/.
Can you share more details about where and how the hash of the certificate is hardcoded? Just sharing the stack trace of the failure and the outline of the class involved would be very helpful. That would be interesting and might lead to something useful that could be fixed.
I think my point above is worth reiterating though: if OkHostnameVerifier is failing, that probably means your interception setup is not correct, it doesn't mean that you need to add more unpinning hooks (you can, to work around the setup issue, but your life will be easier if you instead use a certificate that passes basic hostname checks, and AFAIK it's always possible to do that in any environment).
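
Added example (not part of the thread, and not OkHttp's or this project's code): a simplified JavaScript model of the distinction drawn in the comment above, where a hostname check compares the host with the certificate's names and a pin check compares a hardcoded key hash. The certificate objects, host names and pin strings are constructed placeholders.

```javascript
// Added example: simplified model, not OkHttp's code. Certificates are plain
// objects with constructed values; spkiSha256 is a placeholder, not a real hash.

// Hostname check under normal TLS rules: compare the host with the
// certificate's subjectAltName entries. A wildcard is only honoured as the
// whole left-most label ("*.example.test") and covers exactly one label.
function hostnameMatches(host, cert) {
  const h = host.toLowerCase().replace(/\.$/, "");
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
  if (isIp) return (cert.ipSans || []).includes(h); // IPs never match DNS SANs
  return (cert.dnsSans || []).some((san) => {
    const p = san.toLowerCase().replace(/\.$/, "");
    if (!p.startsWith("*.")) return p === h;
    const suffix = p.slice(1); // e.g. ".example.test"
    if (suffix.includes("*") || !h.endsWith(suffix)) return false;
    const label = h.slice(0, h.length - suffix.length);
    return label.length > 0 && !label.includes(".");
  });
}

// Pin check: independent of names; compares the key hash with a hardcoded set.
function pinMatches(cert, pins) {
  return pins.includes(cert.spkiSha256);
}

function evaluate(host, cert, pins) {
  return { hostnameOk: hostnameMatches(host, cert), pinOk: pinMatches(cert, pins) };
}

// Constructed sample data.
const PINS = ["sha256/ORIGIN-KEY-PLACEHOLDER="];
const originCert = {
  dnsSans: ["*.example.test", "example.test"],
  spkiSha256: "sha256/ORIGIN-KEY-PLACEHOLDER=",
};
// Issued by an interception proxy for the requested host: names match, key differs.
const proxyCert = { dnsSans: ["api.example.test"], spkiSha256: "sha256/PROXY-KEY-PLACEHOLDER=" };
// Misconfigured setup: the proxy presents a certificate for some other name.
const wrongNameCert = { dnsSans: ["proxy.local"], spkiSha256: "sha256/PROXY-KEY-PLACEHOLDER=" };

console.log(evaluate("api.example.test", originCert, PINS));
console.log(evaluate("api.example.test", proxyCert, PINS));
console.log(evaluate("api.example.test", wrongNameCert, PINS));
```

A certificate that carries the right names passes the hostname check whatever key it holds; only the separate hash comparison rejects it, and a hostname failure points at the certificate's names rather than at pinning.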
A missing case for SSL pinning that could help others:
Hope that can help others. BTW, thanks for your amazing work.