"My strategy was to MITM the mobile app and use the same API." Did the app use c... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		3xblah on Dec 23, 2019 \| parent \| context \| favorite \| on: Booking.com agrees to EU demands to change travel ... "My strategy was to MITM the mobile app and use the same API." Did the app use cert pinning What percentage of apps actually use cert pinning

chatmasta on Dec 23, 2019 [–]

A fair amount of apps use cert pinning, not sure on the percentages. It’s easy to circumvent if you have a jailbroken device. I haven’t done this in a few years but there used to be something called SSLKillSwitch for jailbroken iOS which would hook the HTTP request method to remove the cert pinning.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact