Y
Hacker News
new
|
ask
|
show
|
jobs
by
lxgr
1286 days ago
As far as I remember, iOS native apps and services now either consistently use CA pinning or largely don't respect user-added CAs.
2 comments
azinman2
1286 days ago
There are a multitude of ways to inspect the decrypted traffic of your own device, whether it's a jailbroken iPhone provided by Apple to the security community or a non-kosher jailbroken device. People inspect this traffic all the time.
link
manmal
1286 days ago
No. Install Charles Proxy (iOS app) and see what you can get of the MITM proxy it ships with. Many apps don’t ship with pinning.
link
soziawa
1286 days ago
But most importantly the whole OS and all of the integrated apps do use pinning.
link