by nullpage 3852 days ago
It is a little more complicated than that. If you start doing MITM on HTTPS connections where pinning is involved, typically those sites / apps will just stop working as they don't trust the CA for the cert that is injected during the MITM. So yes, it 'protects' you, but it does so by not letting you access that page / app. Chrome (and I'm sure most other browsers / apps) can have their pins overridden by user-installed root CAs (which is what they are pressuring people to do in this scenario).

You can read more about how Google does certificate pinning here: https://www.imperialviolet.org/2011/05/04/pinning.html
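The decision described in the comment above, as an added sketch that is not part of the original comment and not Chrome's code: a pin check that is skipped when the validated chain ends at a user-installed root. The `Cert` class, the byte strings standing in for public keys, and the `local_anchor_override` switch (modelling a client that enforces pins regardless) are assumptions made for illustration.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    spki: bytes                   # stand-in for the DER SubjectPublicKeyInfo
    user_installed: bool = False  # root added locally, not shipped with the client

def spki_pin(spki: bytes) -> str:
    """Base64 SHA-256 of the SPKI, the usual written form of a pin."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

def check_pins(chain, pins, local_anchor_override=True):
    """chain is leaf-first and assumed to have passed normal path validation.
    Returns (accepted, reason)."""
    if local_anchor_override and chain[-1].user_installed:
        return True, "pins skipped: chain ends at a user-installed root"
    if any(spki_pin(c.spki) in pins for c in chain):
        return True, "pin matched"
    return False, "pin mismatch: connection refused"

# Constructed sample data; names and key bytes are placeholders.
PUBLIC_ROOT = Cert("Example Public Root", b"public-root-key")
OTHER_ROOT = Cert("Other Built-in Root", b"other-root-key")
PROXY_ROOT = Cert("Inspection Proxy Root", b"proxy-root-key", user_installed=True)
SITE_LEAF = Cert("site.example", b"site-leaf-key")
FORGED_LEAF = Cert("site.example", b"proxy-leaf-key")
PINS = {spki_pin(PUBLIC_ROOT.spki)}

def scenarios():
    return {
        "genuine": check_pins([SITE_LEAF, PUBLIC_ROOT], PINS),
        "intercepted, root not pinned": check_pins([FORGED_LEAF, OTHER_ROOT], PINS),
        "intercepted, user-installed root": check_pins([FORGED_LEAF, PROXY_ROOT], PINS),
        "intercepted, override disabled": check_pins(
            [FORGED_LEAF, PROXY_ROOT], PINS, local_anchor_override=False),
    }

if __name__ == "__main__":
    for name, (accepted, reason) in scenarios().items():
        print(f"{name:34} accepted={accepted}  {reason}")
```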