Performing Mobile App Certificate Pinning Bypass
When to Use
Use this skill when:
- Mobile app refuses connections through a proxy due to certificate pinning
- Performing authorized security testing requiring HTTPS traffic interception
- Assessing the strength and bypass difficulty of pinning implementations
- Evaluating defense-in-depth of mobile app network security
Do not use to bypass pinning on apps without explicit testing authorization.
Prerequisites
- Burp Suite configured as proxy with listener on all interfaces
- Rooted Android device or jailbroken iOS device
- Frida server running on target device
- Objection installed (pip install objection)
- Target app installed and reproducing the pinning behavior