Question

Certificate pinning is a mechanism that limits an application to trusting predefined certificates only. Also known as SSL pinning or cert pinning , it provides an additional layer of security against man-in-the-middle attacks , in which an attacker secretly intercepts, reads, and alters the communications between two parties. If you want to intercept and decode the traffic of an application that uses certificate pinning, you’ll have to bypass the certificate pinning first, or the application won’t trust your proxy’s SSL certificate and you won’t be able to intercept HTTPS traffic.

证书固定是一种机制，它限制应用程序只信任预定义的证书。又称为 SSL 固定或证书固定，它提供了一层额外的安全保障，防止中间人攻击，即攻击者秘密拦截、读取和更改两个方之间的通信。如果你想拦截和解码使用证书固定的应用程序的流量，你必须先绕过证书固定，或者应用程序将不信任你的代理的 SSL 证书，你就无法拦截 HTTPS 流量。

It’s sometimes necessary to bypass certificate pinning to intercept the traffic of better-protected apps. If you’ve successfully set up your mobile device to work with a proxy but still cannot see the traffic belonging to your target application, that app may have implemented certificate pinning.

有时候需要绕过证书固定来截取更好保护的应用程序的流量。如果您已经成功设置了移动设备与代理的配合，但仍然无法看到目标应用程序的交通流量，那么该应用程序可能已经实现了证书固定。

The process of bypassing cert pinning will depend on how the certificate pinning is implemented for each application. For Android applications, you have a few options for bypassing the pinning. You can use Frida , a tool that allows you to inject scripts into the application. You can download Frida from https://frida.re/docs/installation/ . Then use the Universal Android SSL Pinning Bypass Frida script ( https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/ ). Another tool that you could use to automate this process is Objection ( https://github.com/sensepost/objection/ ), which uses Frida to bypass pinning for Android or iOS. Run the Objection command android sslpinning disable to bypass pinning.

绕过证书固定的过程将取决于每个应用程序实现证书固定的方式。对于 Android 应用程序，您有几种绕过固定的选项。您可以使用 Frida，这是一种允许您将脚本注入应用程序的工具。您可以从 https://frida.re/docs/installation/下载 Frida。然后使用 Universal Android SSL Pinning Bypass Frida 脚本 (https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/)。您还可以使用 Objection (https://github.com/sensepost/objection/) 自动化此过程，使用 Frida 绕过 Android 或 iOS 的固定。运行 Objection 命令 android sslpinning disable 来绕过固定。

For most applications, you can bypass the certificate pinning by using these automated tools. But if the application implements pinning with custom code, you might need to manually bypass it. You could overwrite the packaged certificate with your custom certificate. Alternately, you could change or disable the application’s certificate validation code. The process of executing these techniques is complicated and highly dependent on the application that you’re targeting, so I won’t go into detail. For more information on these methods, you’ll have to do some independent research.

大多数情况下，您可以通过使用这些自动化工具来绕过证书绑定。但是如果应用程序使用自定义代码进行针对性绑定，您可能需要手动绕过。您可以使用自定义证书来覆盖打包的证书。或者，您可以更改或禁用应用程序的证书验证代码。执行这些技术的过程非常复杂，且高度依赖您的目标应用程序，所以我不会详细介绍。有关这些方法的更多信息，您需要进行一些独立的研究。