Blackbox tool to bypass SSL certificate pinning for most applications running on a device.
This tool leverages Cydia Substrate to hook various methods in order to bypass certificate pinning by accepting any SSL certificate.
Ensure that Cydia Substrate has been deployed on your test device. The installer requires a rooted device and can be found on the Google Play store at https://play.google.com/store/apps/details?id=com.saurik.substrate&hl=en
Download the pre-compiled APK available at https://github.com/iSECPartners/Android-SSL-TrustKiller/releases
Install the APK package on the device:
adb install Android-SSL-TrustKiller.apk
Add the CA certificate of your proxy tool to the device's trust store.
Use only on a test devices as anyone on the same network can intercept traffic from a number of applications including Google apps. This extension will soon be integrated into Introspy-Android (https://github.com/iSECPartners/Introspy-Android) in order to allow you to proxy only selected applications.
See ./LICENSE.
Marc Blanchou