Info Sec & Developers Blog

 So As discussed in Part 1, the 1APP has implemented another trick to avoid bypassing SSL Pinning. Before they were focusing on CA certificates present in device. Which we were able to bypass by putting our burpsuite certificate in CA directory. Now After update the Old trick was not working. To understand the implemented fix, I have decompile the APK again and In "resources\res\xml" directory I checked for "network_security_config.xml" after reviewing the XML file I Saw a new entry like <trust-anchors>             <certificates src="@raw/myAPP"/> </trust-anchors> This means that they have embedded their own certificate in "\resources\res\raw" directory with "myAPP" name. which means that application will not accept any certificate (CA/system or User) from device, it will only use myAPP certificate which is embedded in APK. I have tried multiple attempts to bypass it however every time I manipulate the APK file and tri

 Hi everyone as you are aware I update this blog when I get stuck in some situation and after multiple attempts if I bypass that situation I write a blog about it. So today we will be discussing multiple issues which I faced while bypassing SSL pinning in one Application. lets call it 1APP So 1APP is configured in a way that normal installing burpsuite certificate in Andriod was not working. Running the application with normal burp certificate it was giving error like "java.security.cert.certpathvalidatorexception" webhook etc. After decompiling the app using online tools or you can use APKTOOL. In "resources\res\xml" directory I checked for "network_security_config.xml" after reviewing the XML file it was clear application is only trusting those certificate which are installed in CA directory of Device. So it was cleared that we have to copy our certificate to Android CA directory. After alot of searching I came across an awesome article where he explaine