Open M47H3W opened 6 years ago
I have not really tested system applications much, so some reverse engineering will be required for those. That said, objection does not yet hook TrustKit, and adding it as described here may be a step in the right direction.
It's an older article, but might still be relevant: https://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios/
I initially thought the issue to be that the strategy used by the SSL Kill Switch to disable certificate validation somehow wasn’t enough to bypass itunesstored’s certificate pinning. However, it turns out that the SSL Kill Switch was just not being injected into the itunesstored process at all, for a couple reasons:
The iOS SSL kill switch looks like it's working okay for normal apps but I cannot seem to get it to work at all for system apps such as iCloud. I am currently trying to inject the ssl kill switch into the Settings app to view the iCloud sign-in process. Objection is able to see and patch some of the calls but I am unable to view any of the requests. Can anyone help me out or at least point me in the right direction? None of the tutorials I can find dive into iOS's system apps. Many others are interested in app store traffic but that doesn't seem to work either.
Charles output:
iOS version:
11.1.2
Commands executed:
Objection output: