Can't decode Instagram, Facebook HTTPS Packets with Burp Suite

Asked Jan 06 '18 at 14:57

Active Jan 06 '18 at 14:57

Viewed 1,485 times

According to the title, Install burp suite on my PC and install burp suite certification on my iPhone.

I can decode HTTPS packets exclude large company app, But I can't decode HTTPS packets Instagram and Facebook app.

I don't know why I can't decode these packets that large company app. It's relation with 'HPKP' ?

Is there how to decode Instagram or Facebook app packets? and how to implement this architecture?

asked Jan 06 '18 at 14:57

rluisr

2

Some apps use certificate or key pinning, which is similar to HPKP. There are apps like ssl-kill-switch or Burp Mobile Assistant that can disable key pinning on a jailbroken device. However, these don't work with all apps, for example, if the app implements its own pinning. Intercepting such an app is difficult and there are no point and click solutions. – PortSwigger Jan 08 '18 at 08:22

0 Answers0