Potential way to bypass SSL pinning using #Android

I emailed Burp support for some help on an app; I wanted to see what it was doing traffic-wise...

This was their response.


Some native apps use their own certificate trust store, and some implement certificate pinning to only trust specific server-side certificates. In this situation, breaking the SSL tunnel is non-trivial and may entail jailbreaking the device or using some other advanced tools.

One of our users created a short video on the process:

https://vimeo.com/137672482

In the video they go over how to set up Android with ProxyDroid and FS Cert Installer to push HTTPS app traffic to Burp Suite.

They also provided these basic instructions.

Burp Suite Host:
• Reset Burp Suite
• Turn on "listen on all interfaces"

Android Host:
• Remove all user certs
• Stop the task and remove data for ProxyDroid and FS Cert Installer (you can just uninstall and reinstall)
• Put the phone in airplane mode, then turn on WIFI
• In FS Cert Installer, put in the proxy IP and port, then click the middle button (Add CA) and add it under "WIFI Cert" in the dropdown
• Then click "Test Chain" and it should all be green/yes for www.google.com
• For ProxyDroid, just put in the IP and port, and also tunnel DNS
• Kill or reinstall any apps before you start, to make sure they go through the proxy properly
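The steps above drive two GUI apps. As an added example, not part of the Burp support reply and not code from either app, the script below does the same job over adb for the rooted-device (or emulator) case the reply alludes to: it converts Burp's exported DER CA to PEM, names it the way Android expects (`<subject_hash_old>.0`), pushes it into the system trust store, and sets the device's global HTTP proxy. Assumptions: `adb` and `openssl` are on the host, Burp's CA was exported as DER to `./cacert.der` (Proxy > Options > Import/export CA certificate), and the IP/port you pass are your Burp listener's. Putting the CA in the system store (rather than the user store) matters because Android 7+ apps ignore user-added CAs by default; it does nothing against apps that pin a specific certificate or key, which will still refuse the connection.

```shell
#!/bin/sh
# Added example: install Burp's CA as an Android *system* CA and set the
# global proxy via adb. Not the Burp support team's procedure and not FS
# Cert Installer / ProxyDroid code. Assumes a rooted device or emulator.
set -e

SYSTEM_CACERTS=/system/etc/security/cacerts

# Android names system CA files <subject_hash_old>.0 (legacy OpenSSL hash).
android_cert_name() {
    pem="$1"
    hash=$(openssl x509 -in "$pem" -noout -subject_hash_old)
    printf '%s.0\n' "$hash"
}

# Burp exports DER; the Android cacerts directory holds PEM files.
der_to_pem() {
    openssl x509 -inform DER -in "$1" -out "$2"
}

# Value for Android's global http_proxy setting, e.g. 192.168.1.10:8080.
# Rejects a non-numeric port so a typo does not silently disable the proxy.
proxy_setting() {
    host="$1"; port="$2"
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    printf '%s:%s\n' "$host" "$port"
}

# Push the CA into the system store (needs a remountable /system).
install_ca() {
    der="$1"
    pem=$(mktemp)
    der_to_pem "$der" "$pem"
    name=$(android_cert_name "$pem")
    adb root
    adb remount
    adb push "$pem" "$SYSTEM_CACERTS/$name"
    adb shell chmod 644 "$SYSTEM_CACERTS/$name"
    rm -f "$pem"
    echo "installed $SYSTEM_CACERTS/$name"
}

set_proxy() {
    adb shell settings put global http_proxy "$(proxy_setting "$1" "$2")"
}

# ":0" is the documented way to clear the global proxy again.
clear_proxy() {
    adb shell settings put global http_proxy :0
}

# Host-side equivalent of FS Cert Installer's "Test Chain": go through Burp
# to www.google.com and verify the chain Burp presents against its own CA.
# Needs network and OpenSSL 1.1.0+ (for -proxy), so it is not run offline.
test_chain() {
    proxy="$1"; ca_pem="$2"
    openssl s_client -proxy "$proxy" -connect www.google.com:443 \
        -CAfile "$ca_pem" -verify_return_error </dev/null
}

# Usage: ./burp_android.sh install ./cacert.der
#        ./burp_android.sh proxy 192.168.1.10 8080
#        ./burp_android.sh unproxy
#        ./burp_android.sh test 192.168.1.10:8080 ./burp.pem
main() {
    case "$1" in
        install) install_ca "$2" ;;
        proxy)   set_proxy "$2" "$3" ;;
        unproxy) clear_proxy ;;
        test)    test_chain "$2" "$3" ;;
        *) echo "usage: $0 install|proxy|unproxy|test ..." >&2; return 2 ;;
    esac
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

After `install`, kill and relaunch the target app (as the reply also says) so it reopens its connections through the proxy; if it still fails the TLS handshake with the system CA in place, the app is pinning and this route will not help.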