应用程序中如何检测SSL固定?
[英]How to detect SSL pinning is being done in the app?
1 个解决方案
解决方案1
3 已采纳 2016-09-01 20:02:24
If you setup SSL interception with tools like mitmproxy or Burp and then import the proxy CA of this interception proxy into the android certificate store as trusted then you should be able to intercept the connection, ie get the plain text. 
如果您使用mitmproxy或Burp之类的工具设置SSL拦截,然后将该拦截代理的代理CA信任地导入到android证书存储中,那么您应该能够拦截连接,即获取纯文本。 If instead the application fails and maybe throws out some error about failing SSL verification than this application is probably doing SSL pinning. 如果相反,该应用程序失败了,并且可能抛出了关于SSL验证失败的错误,则表明该应用程序可能正在执行SSL固定。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
如何在Android上检测SSL固定 - How to detect SSL pinning on Android
如何检测 Root (Magisk) 并在 Android / React Native 上实现 SSL 固定 - How to Detect Root (Magisk) and Implement SSL Pinning on Android / React Native
如何在 Flutter App 中为 VAPT 团队禁用 SSL 固定和根检测? - How to disable SSL Pinning & Root Detection in Flutter App for VAPT Team?
证书透明度可以检测移动应用程序中的 SSL 固定绕过吗? - Can certificate transparency detect SSL Pinning bypass in Mobile Applications?
如何在android中实现未绕过的SSL固定 - how to implement the un bypassed SSL pinning in android
如何在Android上检测屏幕固定的锁定和解锁 - How to detect lock and unlock of screen pinning on android
禁用SSL证书固定 - Disable SSL certificate pinning
Android SSL 证书固定 - Android SSL Certificate pinning
SSL与Volley固定 - SSL Pinning With Volley
SSL固定客户端加密 - SSL pinning client encryption
相关标签