如何在Android上检测SSL固定 [英] How to detect SSL pinning on Android

问题描述

我已经安装并配置了 sslsplit 并生成了根证书，并将其添加到了手机(Android)中.

I already have installed and configured sslsplit and generated the root certificate, and added it to the mobile phone (Android).

如何检测SSL固定?

推荐答案

将SSL证书固定或公用密钥固定的应用在移动设备与通信的服务器之间放置代理时，应无法与服务器通信与(因为它将接收ssl split的证书而不是证书链中服务器的证书).

An app that uses SSL certificate pinning or public key pinning should fail to communicate with the server when you place a proxy in between the mobile device and the server it communicates with (because it would receive ssl split's certificate instead of the server's in the certificate chain).

如果应用无法与服务器通信-这表示证书固定有效.

If the app fails to communicate with the server - it means that certificate pinning is working.

这篇关于如何在Android上检测SSL固定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！