I have Burp Suite on my laptop. I have installed the certificate on my iPhone device, and everything works great when trying to intercept any request made by the Safari browser, including HTTPS requests. When I try to intercept an application request, it fails, and I don't know why it is happening. Every application that uses HTTPS won't be intercepted by Burp Suite. What am I missing here? I have seen some blogs advising to use Fiddler instead of Burp Suite. I tried that also, but the same problem happens when trying to intercept any application HTTPS request. What should I do to fix this problem?
-
How many apps have you tried? Many apps use certificate pinning, which means that they do not trust CAs added by either Burp or Fiddler, and thus cannot be intercepted. This article might help: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2015/january/bypassing-openssl-certificate-pinning-in-ios-apps/ – RomanK Sep 19 '16 at 03:56
-
@RomanK Thanks for your reply :), you are right! All the applications I have tested use certificate pinning. I tried to bypass them on an Android simulator, but that did not work :( – flashDisk Sep 19 '16 at 09:02
-
In that case, not many options unfortunately. The whole point of certificate pinning is to circumvent SSL inspection. You could try the idea in the article, but it's far from simple, so your mileage may vary. – RomanK Sep 19 '16 at 20:24
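
Why the same proxy CA that satisfies Safari is rejected by a pinned app, shown as an added example that is not part of the original thread. It is a simplified Python model: issuer-name matching stands in for signature verification, and the certificate names, key bytes and host `api.example.test` are constructed.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (no real DER parsing)."""
    subject: str
    issuer: str
    spki: bytes  # stand-in for the DER-encoded SubjectPublicKeyInfo


def spki_pin(cert: Cert) -> str:
    """Pin value: base64 of SHA-256 over the certificate's public key info."""
    return base64.b64encode(hashlib.sha256(cert.spki).digest()).decode()


def chain_trusted(chain, trust_store) -> bool:
    """System-style check (what a browser relies on): every certificate is
    issued by the next one, and the last issuer is a root in the trust store."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].issuer in trust_store


def app_accepts(chain, trust_store, pins) -> bool:
    """Pinned client: normal trust evaluation AND a pin match in the chain."""
    if not chain_trusted(chain, trust_store):
        return False
    return any(hmac.compare_digest(spki_pin(c), p) for c in chain for p in pins)


# Constructed sample data: the tester has added the proxy CA to the device.
DEVICE_TRUST_STORE = {"Public Root CA", "Interception Proxy CA"}
REAL_LEAF = Cert("api.example.test", "Public Root CA", b"real-server-key")
PROXY_LEAF = Cert("api.example.test", "Interception Proxy CA", b"proxy-made-key")
PINS = {spki_pin(REAL_LEAF)}  # shipped inside the app at build time

if __name__ == "__main__":
    print("browser, via proxy:", chain_trusted([PROXY_LEAF], DEVICE_TRUST_STORE))
    print("app, via proxy:    ", app_accepts([PROXY_LEAF], DEVICE_TRUST_STORE, PINS))
    print("app, direct:       ", app_accepts([REAL_LEAF], DEVICE_TRUST_STORE, PINS))
```

The proxy's certificate chains to a root the device trusts, so the system check passes, but its public key does not hash to the value built into the app, so the pinned client closes the connection.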