nabla-c0d3 / ssl-kill-switch2

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.

Ineffective with Appcelerator SSL Pinning #57

Closed by aph3rson 5 years ago

aph3rson commented 5 years ago

I've posted this as sensepost/objection#187, but it might be useful here as well.

Apps using Appcelerator by Axway have a customized SSL verification library. This uses an SSL certificate bundled with the app, a custom verification method, and is not affected by SSL Kill Switch. This can be fixed in Objection by patching -[AppceleratorHttpsModule createX509CertificatePinningSecurityManager:] to always return null - passing a null value as the address of the security manager causes SSL pinning to be disabled.

nabla-c0d3 commented 5 years ago

Thanks for the heads up. The new version that works for iOS 12 should handle this.