What is SSL Pinning
To view HTTPS traffic, you could sign your own root CA and perform a MITM attack to read the traffic. HPKP (HTTP Public Key Pinning) stops this sniffing by trusting only a given CA, so your self-signed certificate will be rejected. To make a given app trust your certificate, you would have to modify the APK file.
How to break it?
Decompiling, modifying and then recompiling the APK file can be very difficult, so it is easier to hook some API so that the app you are trying to intercept trusts your certificate. Xposed offers this kind of ability; moreover, an Xposed module called JustTrustMe has already done the tedious work for you. Just install Xposed and JustTrustMe and you are good to go. Here are the detailed steps:
- Install Xposed Installer. For Android 5.0 and above, use the Xposed installer.
  NOTE: for MIUI, search for the MIUI edition of the Xposed installer.
- Install Xposed from the Xposed installer; note that you have to grant root privilege to the Xposed installer.
- Build jadx from source, or install it with Homebrew:
  git clone https://github.com/skylot/jadx.git
  ./gradlew dist # you might need to wait on this
  brew install jadx
- Rename the APK to a .zip file and unzip it
- Copy out the classes.dex file
- Run build/jadx/bin/jadx -d OUTDIR PATH_TO_CLASSES.DEX, or jadx-gui PATH
smali code tutorial: https://forum.xda-developers.com/showthread.php?t=2193735
How pinning works on Android
InputStream in = resources.openRawResource(certificateRawResource); // resource id of the keystore file under res/raw
KeyStore keyStore = KeyStore.getInstance("BKS");                    // Bouncy Castle keystore, the Android default
keyStore.load(in, password);                                        // the loaded store holds only the pinned CA(s)
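The snippet above only loads the keystore; the pinning effect comes from feeding that keystore, and nothing else, into the TrustManager used for the TLS connection. The following is an added example (not code from the original notes) that carries the idea through to a working HttpsURLConnection. The class name PinnedClient, the resource id parameter and the password "changeit" are assumptions for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import android.content.Context;

/**
 * Pins TLS connections to the CA(s) bundled in a BKS keystore under res/raw.
 * The device's system CA list (and any user-added CA) is never consulted.
 */
public final class PinnedClient {

    // Constructed for this example: password of the bundled BKS store.
    private static final char[] STORE_PASSWORD = "changeit".toCharArray();

    /** Build an SSLContext whose only trust anchors come from the bundled keystore. */
    public static SSLContext buildPinnedContext(Context ctx, int rawResourceId) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("BKS");
        try (InputStream in = ctx.getResources().openRawResource(rawResourceId)) {
            trustStore.load(in, STORE_PASSWORD);
        }
        // TrustManagerFactory initialised from our store only: this is the pin.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext;
    }

    /** Open a connection that fails the handshake unless the server chain ends at a pinned CA. */
    public static HttpsURLConnection open(Context ctx, int rawResourceId, String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(buildPinnedContext(ctx, rawResourceId).getSocketFactory());
        // A proxy presenting a certificate from a user-installed root CA now gets
        // javax.net.ssl.SSLHandshakeException instead of a successful connection.
        return conn;
    }
}
```

Note what this does and does not defend against: it stops an interception proxy whose CA was merely installed on the device, because the app never asks the system trust store. It does not survive an attacker who controls the process itself; the hooking tools listed on this page work precisely by replacing the TrustManager or the SSLContext at runtime, so pinning is a network-layer control, not an anti-tampering one. On Android 7 and later the same intent can be expressed declaratively in the app's Network Security Config instead of custom code.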
https://github.com/ac-pm/SSLUnpinning_Xposed: an Xposed plugin; tested, and it did not work well.
The Wandoujia app store carries an MIUI edition of the Xposed installer; Xposed installs fine with it.
https://github.com/iSECPartners/android-ssl-bypass: a basic tool that works by replacing the trust manager.