I appreciate the traction this received. I'd like to note that I am not a developer by trade and I'm certainly not a designer. Java isn't even my primary language. I am just somebody interested in privacy and security and this was a fun project that should be useful. Any contributions to the code or design are very welcome. I hope this helps others and thank you.
Would this let me see the full path of an https requests that an app is making? I've got a testing need for that, and am currently hampered because our secops team won't let us enable a feature flag to disable cert pinning so that Charles proxy will work.
WOuld this be a viable alternative because it runs on the actual phone itself?
No, this won't bypass certificate pinning, to do that you need to tamper the app or hook runtime calls using something like Xposed. There are modules [0] [1] that do this, support depends on the version of Android you're using.
Use frida(frida.re) with something like objection to disable certificate pining at runtime. You gotta have a rooted phone, or you'll have to patch the apk with Frida library.
7 comments
[ 3.4 ms ] story [ 16.7 ms ] threadWOuld this be a viable alternative because it runs on the actual phone itself?
[0]. https://github.com/ac-pm/SSLUnpinning_Xposed
[0]. https://github.com/Fuzion24/JustTrustMe