Do you know of any open source or closed source mobile apps implementing certificate pinning?

I am in the process of research for my next technical blog about bypassing certificate pinning with Frida, thus I need to find some open source mobile apps that implement pinning in different ways:

Do you know about any?

I can also use closed source mobile apps, and in that case I will not reveal the company name or mobile app name, like I mention in the tweet:

If you are not able to point to any, at least you could retweet the above tweets :slight_smile:

2 Likes

Corresponding tweet for this thread:


I hope your blog will include some info about what certificate pinning is as well Paulo :see_no_evil:

Don’t need to wait, already wrote about it:

What is Certificate Pinning?

Certificate pinning is the mechanism of associating a domain name with an expected SSL/TLS certificate, technically and more accurately known as an X.509 certificate.

Whenever the user clicks on a link, the device needs to establish a connection with the server hosting that domain name, and for this to happen, a TLS handshake takes place in order that both parties can exchange messages, so that they can verify each other, establish the encryption algorithms to use, and finally to set the session keys to be used thereafter. During the TLS handshake, when the device receives the server certificate, it only establishes the connection if it trusts that specific certificate, hence it is said that the connection is pinned.

3 Likes
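The client-side check described in the post above, as an added example that is not part of the original thread or of any app mentioned in it: a domain name is associated with expected certificate hashes, and the connection is kept only when the presented certificate matches one. The host name `api.example.com`, the function names and the certificate byte strings are constructed for illustration; the pin here is a SHA-256 over the whole DER certificate.

```python
import base64
import hashlib
import socket
import ssl


def cert_pin(der: bytes) -> str:
    """Pin string for a DER-encoded certificate: sha256/<base64 of digest>."""
    digest = hashlib.sha256(der).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")


def is_pinned(host: str, der: bytes, pins: dict[str, set[str]]) -> bool:
    """True only if the host has pins configured and the certificate matches one."""
    expected = pins.get(host.lower().rstrip("."))
    if not expected:
        return False  # fail closed: a host without pins is rejected, not allowed
    return cert_pin(der) in expected


def connect_pinned(host: str, pins: dict[str, set[str]], port: int = 443) -> ssl.SSLSocket:
    """Open a TLS connection with normal chain and hostname validation,
    then enforce the pin on the certificate the server presented."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=10)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    der = sock.getpeercert(binary_form=True)
    if not is_pinned(host, der, pins):
        sock.close()
        raise ssl.SSLError(f"certificate for {host} does not match any pinned value")
    return sock


# Constructed stand-ins for DER certificate bytes (not real certificates).
CURRENT_CERT = b"constructed DER: certificate currently deployed"
BACKUP_CERT = b"constructed DER: next certificate, pinned before rotation"
OTHER_CERT = b"constructed DER: valid-looking certificate from another issuer"

# Hypothetical pin set; the backup pin keeps clients working across a rotation.
PINS = {"api.example.com": {cert_pin(CURRENT_CERT), cert_pin(BACKUP_CERT)}}

if __name__ == "__main__":
    for label, der in [("current", CURRENT_CERT), ("backup", BACKUP_CERT), ("other", OTHER_CERT)]:
        print(label, cert_pin(der), is_pinned("api.example.com", der, PINS))
```

The pin check runs in addition to the platform's normal certificate validation, not instead of it, and shipping a backup pin avoids locking clients out when the server certificate is renewed.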