The default iOS SSL pinning command does not patch Appcelerator's SSL pinning functionality. During the creation of the HTTP client, a securityManager parameter can be passed as the result of the createX509CertificatePinningSecurityManager method. This normally takes a list of URLs and certificate files, as well as where to validate the cert against in the chain. Patching this method to always return null effectively disables SSL pinning.
This can be accomplished in objection with the command ios hooking set return_value "-[AppceleratorHttpsModule createX509CertificatePinningSecurityManager:]" null. However, I'd like to see this included in the default SSL pinning hook - I'm just not sure how to include it in the disable.js file.
leonjza
commented
5 years ago
The default iOS SSL pinning command does not patch Appcelerator's SSL pinning functionality. During the creation of the HTTP client, a
securityManagerparameter can be passed as the result of thecreateX509CertificatePinningSecurityManagermethod. This normally takes a list of URLs and certificate files, as well as where to validate the cert against in the chain. Patching this method to always returnnulleffectively disables SSL pinning.This can be accomplished in objection with the command
ios hooking set return_value "-[AppceleratorHttpsModule createX509CertificatePinningSecurityManager:]" null. However, I'd like to see this included in the default SSL pinning hook - I'm just not sure how to include it in thedisable.jsfile.