Android 7 SSL Inspection
#1
Anyone have any tricks for inspecting SSL content on Android 7?

Ever since this update, Google have prevented apps from accepting user added 'trusted' certificates, and they drop any connections signed by untrusted certificates. This means no more MitM proxying!

Following from this link: https://blog.netspi.com/four-ways-bypass...e-pinning/

I've been de-compiling, adding the network_security_config.xml to allow all user added certificates (and the reference in AndroidManifest.xml), re-compiling... But then, nothing. My app refuses to connect over SSL.

The app I was targeting may have had other Certificate Pinning code, so I verified this on the Wikipedia app, to the same effect.

Anyone had any similar experiences?
Reply


Messages In This Thread
Android 7 SSL Inspection - by EnigmaCookie - 04-23-2018, 05:10 PM
RE: Android 7 SSL Inspection - by EnigmaCookie - 04-23-2018, 06:45 PM
RE: Android 7 SSL Inspection - by Insider - 04-25-2018, 11:31 PM
RE: Android 7 SSL Inspection - by swiss - 05-24-2018, 12:58 AM
RE: Android 7 SSL Inspection - by EnigmaCookie - 05-24-2018, 01:49 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  Best approach for a site with no SSL Majin-Buu 7 14,547 01-02-2021, 01:44 PM
Last Post: 9ys
  Check if your Android device is vulnerable overfl0wN 0 9,731 11-14-2015, 02:59 PM
Last Post: overfl0wN