search

Bypass SSL Pinning - rooted devices

With the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite

With the Network Security Configurationarrow-up-right introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinningarrow-up-right, getting an app to work with an HTTPS proxy has become quite tedious.

In this section, you will find the instructions to automates the entire process of getting an app to work with an HTTPS proxy.

circle-info

If your device is rooted, you can follow options listed in Bypass SSL Pinning - non-rooted devices

You have these options in rooted devices:

  1. Install the Burp CA as a system-level CA on the device. Since the "traditional" way of installing a user certificate doesn’t work anymore in Nougat and above, for me the easiest solution is to install the Burp CA to the system trusted certificates. The easiest solution. Also added benefit of not having to set a lock-screen PIN.

PreviousInject FridaNextInstall Burp CA as a system-level CA on the device

Last updated