Android SSL Pinning Bypass technique - Pentestmag

Dec 7, 2023

What is SSL Pinning?

Secure communication is essential in mobile app development. HTTPS addresses this concern by encrypting the traffic between the app and the server, protecting the confidentiality and integrity of the data. By default, Android P, through its Network Security Configuration, uses HTTPS unless this is explicitly disabled.

Using HTTPS addresses the risk of users communicating over untrusted public WiFi networks. However, it does not protect against attacks in which SSL certificates are issued by intermediate CAs trusted by the user's device.

Furthermore, a user who wishes to inspect an app's HTTPS connections can explicitly trust a locally generated certificate authority and issue a self-signed SSL certificate for the domain the app connects to. This practice is commonly employed by HTTPS proxies such as Burp Suite and OWASP ZAP.

SSL pinning is a method by which an app validates that it is communicating with the intended server over HTTPS. The verification involves checking a specific part of the SSL/TLS certificate chain, typically the subjectPublicKeyInfo segment. This approach reduces the attack surface and protects against the attacks described above.
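To make the subjectPublicKeyInfo check concrete, the following added example (not from the original article) computes a SHA-256 pin over the SPKI element of a DER certificate and compares it with the pin set an app would ship. The certificates are unsigned skeletons built inline with dummy values, and the helper names, key bytes and hostname are assumptions for illustration; chain and signature validation are left out.

```python
import base64, hashlib

def tlv(tag, content):
    """Encode one DER element with a definite length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlv(buf, pos):
    """Return (tag, content_start, end) of the DER element at pos."""
    start, n = pos + 2, buf[pos + 1]
    if n >= 0x80:                        # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, start = int.from_bytes(buf[start:start + k], "big"), start + k
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return buf[pos], start, start + n

def extract_spki(cert):
    """Slice the complete subjectPublicKeyInfo element out of a DER certificate."""
    _, pos, _ = read_tlv(cert, 0)        # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)      # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    pos = end if tag == 0xA0 else pos    # skip the optional [0] version field
    for _ in range(5):                   # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    return cert[pos:read_tlv(cert, pos)[2]]

def spki_pin(cert):
    return base64.b64encode(hashlib.sha256(extract_spki(cert)).digest()).decode()

def make_spki(key):
    rsa = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    return tlv(0x30, rsa + tlv(0x03, b"\x00" + key))

def make_cert(serial, issuer, key):
    """Constructed, unsigned skeleton: X.509 field order, dummy values."""
    name = lambda cn: tlv(0x30, tlv(0x0C, cn))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial])) + tlv(0x30, b"")
           + name(issuer) + tlv(0x30, b"") + name(b"api.example.test") + make_spki(key))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))

SERVER_KEY, PROXY_KEY = b"\x01" * 270, b"\x02" * 270       # constructed key bytes
PINS = {spki_pin(make_cert(1, b"Public CA", SERVER_KEY))}  # pin set shipped in the app

def pin_ok(cert):
    return spki_pin(cert) in PINS
```

A re-issued certificate that keeps the same key produces the same pin, while a certificate for the same hostname issued by a locally trusted proxy CA carries a different key and fails the check.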

It is important to note that SSL pinning is not limited to mobile apps alone. It was initially permitted for websites in the form of the HTTP Public Key Pinning....


Author

Divya G, Arun S
2 Comments
sorower
3 months ago

What an article!

RObert McCurdy
1 year ago

I’m working on an open-source project that needs excellent Android pentesting skills, and I need your help! Whether you’re experienced or new to pentesting, I want to make this a fun and interactive experience for all. Plus, I’m offering FREE workshops to help improve your Android pentesting abilities, suitable for all skill levels. 📚💡

If you’re interested in hacking, learning, and having fun, let’s collaborate and make this project amazing! 🤝 Feel free to message me if you’re interested or have any questions. Let’s start hacking! 🔓💻

Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023