
Securing iOS app against MITM attack

I am currently breaking down an app, for educational purposes, to see if I can expose its API. So far I have done well. I figured out the location of the API, and by using an SSL proxy such as Charles I was able to decrypt the connection between the client and server as well.

However, given how I did this, I am wondering how the iOS client can verify the server's certificate. The server's certificate of the app in question is a wildcard certificate signed by the Rapid SSL authority. When using the SSL proxy, I am exchanging this for the Charles certificate, which I imported into my iPhone (hence it was made trusted).

My question: Is there some way the app could verify that the certificate used for the HTTPS connection is from *.mydomain.com and validly signed by authority X? If so, one could drastically increase the security in the app by failing the request if they don't match.

Check the page http://www.inmite.eu/en/blog/20120314-how-to-validate-ssl-certificates-iOS-client , which describes in detail how to inspect the server's certificate and how to accept or reject it.
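The check the question asks for is certificate pinning: let the system perform its normal chain validation, then additionally require that the certificate the server presented matches one the app ships with. The following Swift `URLSessionDelegate` is an added example written for this page, not code from the linked blog post or from the app being analysed. It assumes iOS 15 or later (for `SecTrustCopyCertificateChain`) and a placeholder fingerprint, `pinnedSHA256Hex`, that you would replace with the SHA-256 of your own DER-encoded `*.mydomain.com` certificate.

```swift
import Foundation
import Security
import CryptoKit

/// URLSession delegate that pins the server's leaf certificate.
/// Both checks must pass: the platform's chain validation (hostname,
/// expiry, trusted root) and a fingerprint match against a value
/// compiled into the app. A proxy such as Charles passes the first
/// check once its root is installed on the device, but not the second.
final class PinningSessionDelegate: NSObject, URLSessionDelegate {

    // Placeholder: hex SHA-256 over the DER bytes of the expected leaf certificate.
    // Compute it from your real certificate, e.g. `openssl x509 -in cert.pem -outform DER | shasum -a 256`.
    private let pinnedSHA256Hex = "PLACEHOLDER_SHA256_OF_DER_LEAF_CERT"

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {

        // Only handle server-trust challenges; reject anything else outright.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let serverTrust = challenge.protectionSpace.serverTrust else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        // Step 1: standard validation. Keeps hostname, validity-period and
        // revocation policy; pinning is layered on top, never a replacement.
        var evalError: CFError?
        guard SecTrustEvaluateWithError(serverTrust, &evalError) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        // Step 2: pinning. Index 0 of the chain is the leaf certificate.
        guard let chain = SecTrustCopyCertificateChain(serverTrust) as? [SecCertificate],
              let leaf = chain.first else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        let der = SecCertificateCopyData(leaf) as Data
        let fingerprint = SHA256.hash(data: der).map { String(format: "%02x", $0) }.joined()

        if fingerprint == pinnedSHA256Hex {
            completionHandler(.useCredential, URLCredential(trust: serverTrust))
        } else {
            // Device-trusted but not the certificate we expect: fail the request.
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

/// Builds a session whose every connection goes through the pinning delegate.
func makePinnedSession() -> URLSession {
    return URLSession(configuration: .default,
                      delegate: PinningSessionDelegate(),
                      delegateQueue: nil)
}
```

Pinning the leaf certificate is the strictest option and means every certificate renewal needs an app update; pinning the CA certificate that issued it (compare the last element of the chain instead of the first) answers the question's "signed by authority X" wording and survives leaf rotation, at the cost of trusting every certificate that CA issues for the name. Hashing the Subject Public Key Info rather than the whole certificate is a common middle ground. Whichever anchor you choose, ship at least one backup pin so a key rotation does not lock users out.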
