HTTPS与SSL(一)
http://blog.163.com/magicc_love/blog/static/185853662201321423527263/
HTTPS与SSL(二)
http://blog.163.com/magicc_love/blog/static/185853662201321424244747/?suggestedreading&wumii
研究SSL的wireshark过滤条件 ssl and (ip.src == 111.13.100.92 or ip.dst == 111.13.100.92)
iOS使用Charles(青花瓷)抓包并篡改返回数据图文详解
http://www.kanxue.com/bbs/showthread.php?t=177490
Securing mobile banking on Android with SSL certificate pinning
https://infinum.co/the-capsized-eight/articles/securing-mobile-banking-on-android-with-ssl-certificate-pinning
iPhone工具
工具之SSL Kill Switch
iOS Application Security Part 36 – Bypassing Certificate Pinning Using SSL Kill Switch(详细介绍SSL Kill Switch的用法)
http://highaltitudehacks.com/2014/11/03/ios-application-security-part-36-bypassing-certificate-pinning-using-ssl-kill-switch/
Intercepting the App Store's Traffic on iOS
http://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios/
Bypassing OpenSSL Certificate Pinning in iOS Apps
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2015/january/bypassing-openssl-certificate-pinning-in-ios-apps/
iOS应用程序绕过OpenSSL的证书
http://bobao.360.cn/learning/detail/193.html
iOS SSL kill switch安装与使用(中文版本)
http://danqingdani.blog.163.com/blog/static/186094195201211238735630/
https://github.com/iSECPartners/ios-ssl-kill-switch
https://github.com/iSECPartners/ios-ssl-kill-switch/tree/release-0.6
http://nabla-c0d3.github.io/blog/2013/08/20/ios-ssl-kill-switch-v0-dot-5-released/
工具之trustme
https://github.com/intrepidusgroup/trustme
SSL Kill Switch实测可以支持iOS8.1.3.
Android工具
工具之Android-SSL-TrustKiller
This tool leverages Cydia Substrate to hook various methods in order to bypass certificate pinning by accepting any SSL certificate.
https://github.com/iSECPartners/Android-SSL-TrustKiller
工具之JustTrustMe
An xposed module that disables SSL certificate checking. This is useful for auditing an appplication which does certificate pinning.
https://github.com/Fuzion24/JustTrustMe
JustTrustMe近期有更新.
http://blog.163.com/magicc_love/blog/static/185853662201321423527263/
HTTPS与SSL(二)
http://blog.163.com/magicc_love/blog/static/185853662201321424244747/?suggestedreading&wumii
研究SSL的wireshark过滤条件 ssl and (ip.src == 111.13.100.92 or ip.dst == 111.13.100.92)
iOS使用Charles(青花瓷)抓包并篡改返回数据图文详解
http://mdsa.51cto.com/art/201507/483492.htm
http://www.kanxue.com/bbs/showthread.php?t=177490
Securing mobile banking on Android with SSL certificate pinning
https://infinum.co/the-capsized-eight/articles/securing-mobile-banking-on-android-with-ssl-certificate-pinning
iPhone工具
工具之SSL Kill Switch
iOS Application Security Part 36 – Bypassing Certificate Pinning Using SSL Kill Switch(详细介绍SSL Kill Switch的用法)
http://highaltitudehacks.com/2014/11/03/ios-application-security-part-36-bypassing-certificate-pinning-using-ssl-kill-switch/
Intercepting the App Store's Traffic on iOS
http://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios/
Bypassing OpenSSL Certificate Pinning in iOS Apps
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2015/january/bypassing-openssl-certificate-pinning-in-ios-apps/
iOS应用程序绕过OpenSSL的证书
http://bobao.360.cn/learning/detail/193.html
iOS SSL kill switch安装与使用(中文版本)
http://danqingdani.blog.163.com/blog/static/186094195201211238735630/
https://github.com/iSECPartners/ios-ssl-kill-switch
https://github.com/iSECPartners/ios-ssl-kill-switch/tree/release-0.6
http://nabla-c0d3.github.io/blog/2013/08/20/ios-ssl-kill-switch-v0-dot-5-released/
工具之trustme
https://github.com/intrepidusgroup/trustme
SSL Kill Switch实测可以支持iOS8.1.3.
Android工具
工具之Android-SSL-TrustKiller
This tool leverages Cydia Substrate to hook various methods in order to bypass certificate pinning by accepting any SSL certificate.
https://github.com/iSECPartners/Android-SSL-TrustKiller
工具之JustTrustMe
An xposed module that disables SSL certificate checking. This is useful for auditing an appplication which does certificate pinning.
https://github.com/Fuzion24/JustTrustMe
JustTrustMe近期有更新.