mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 10:03:42 +03:00
31 lines
1.5 KiB
Markdown
31 lines
1.5 KiB
Markdown
# Workflows: Certificate Pinning Bypass
|
|
|
|
## Workflow 1: Escalating Bypass Approach
|
|
```
|
|
[Configure Burp proxy] --> [App connection fails?] --> [Yes: Pinning active]
|
|
|
|
|
[Try Objection generic bypass]
|
|
|
|
|
[Traffic visible?]
|
|
/ \
|
|
[Yes: Done] [No: Advanced]
|
|
|
|
|
[Identify pinning library]
|
|
[frida-trace *Trust* *Pin*]
|
|
|
|
|
[Write custom Frida script]
|
|
[Target specific implementation]
|
|
|
|
|
[Verify traffic capture]
|
|
```
|
|
|
|
## Decision Matrix
|
|
| Pinning Method | Bypass Tool | Difficulty |
|
|
|---------------|-------------|-----------|
|
|
| OkHttp CertificatePinner | Objection | Easy |
|
|
| Network Security Config | Manifest modification | Easy |
|
|
| Custom TrustManager | Frida hook | Medium |
|
|
| TrustKit | Objection or Frida | Medium |
|
|
| Native C/C++ validation | Frida Interceptor.attach | Hard |
|
|
| Certificate Transparency | Custom Frida script | Hard |
|