SSL Pinning

1. What's SSL Pinning?

"SSL Pinning is making sure the client checks the server’s certificate against a known copy of that certificate. Simply bundle your server’s SSL certificate inside your application, and make sure any SSL request first validates that the server’s certificate exactly matches the bundle’s certificate." Ref[1]

"The method used to do this is: connection:willSendRequestForAuthenticationChallenge: inside the NSURLConnectionDelegate protocol. This method gets called when an SSL connection is made, giving you, the programmer, a chance to inspect the authentication challenge and either proceed or fail." Ref[1]
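
An added example (not code from this page or from Ref[1]) of the delegate method described above: it runs the normal trust evaluation first, then compares the server's leaf certificate byte-for-byte with a copy shipped in the app bundle, and cancels the challenge on any mismatch. The class name `PinnedConnectionDelegate` and the bundle resource `pinned-server.der` are assumptions made for illustration.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical delegate class; "pinned-server.der" is an assumed bundle resource
// holding the DER-encoded server certificate.
@interface PinnedConnectionDelegate : NSObject <NSURLConnectionDelegate>
@end

@implementation PinnedConnectionDelegate

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSURLProtectionSpace *space = challenge.protectionSpace;

    // Only server-trust challenges are pinned; everything else gets default handling.
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }

    SecTrustRef trust = space.serverTrust;

    // Step 1: standard chain and hostname validation. Pinning adds to it, never replaces it.
    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustEvaluate(trust, &result);
    BOOL chainOK = (status == errSecSuccess) &&
                   (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);

    // Step 2: exact match of the leaf certificate against the bundled copy.
    BOOL pinOK = NO;
    if (chainOK && SecTrustGetCertificateCount(trust) > 0) {
        SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0);
        NSData *serverDER = CFBridgingRelease(SecCertificateCopyData(leaf));
        NSString *path = [[NSBundle mainBundle] pathForResource:@"pinned-server" ofType:@"der"];
        NSData *pinnedDER = path ? [NSData dataWithContentsOfFile:path] : nil;
        pinOK = (pinnedDER != nil) && [serverDER isEqualToData:pinnedDER];
    }

    if (pinOK) {
        [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
             forAuthenticationChallenge:challenge];
    } else {
        // Fail closed: a missing pin file or any mismatch aborts the connection.
        [challenge.sender cancelAuthenticationChallenge:challenge];
    }
}

@end
```

Because the comparison is against the whole certificate, the bundled copy has to be replaced whenever the server certificate is renewed, so an app update must ship before the old certificate is retired.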

2. SSL Pinning in AFNetworking

Ref[9], Ref[8]


Reference

1. SSL Pinning for Increased App Security (Read Again) (AAAA)

https://possiblemobile.com/2013/03/ssl-pinning-for-increased-app-security/

2. How to make your iOS apps more secure with SSL pinning

https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

3. ANDROID SSL PINNING USING OKHTTP

https://medium.com/@develodroid/android-ssl-pinning-using-okhttp-ca1239065616

4. SSL Pinning in UWP Apps

http://resources.infosecinstitute.com/ssl-pinning-in-uwp-apps/

5. Exploring SSL Pinning on iOS

https://nabla-c0d3.github.io/blog/2013/02/19/ios-pinning/

6. MITM ATTACKS & SSL PINNING: WHAT IS IT AND WHY YOU SHOULD CARE.

https://www.ionic.com/blog/mitm-attacks-ssl-pinning-what-is-it-and-why-you-should-care/

7. Android Security: SSL Pinning

https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

8. About Public Key Pinning (To Read)

https://noncombatant.org/2015/05/01/about-http-public-key-pinning/

https://security.stackexchange.com/questions/29988/what-is-certificate-pinning

9. SSL MiTM attack in AFNetworking 2.5.1 - Do NOT use it in production! (To Read)

http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html

10. How to make your iOS apps more secure with SSL pinning (To Read)

https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

11. Certificate and Public Key Pinning (To Read)

https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

12. Android Security: SSL Pinning

https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

13. Certificate Pinning in a Mobile Application

https://blog.netspi.com/certificate-pinning-in-a-mobile-application/

14. How to make your iOS apps more secure with SSL pinning

https://infinum.co/the-capsized-eight/how-to-make-your-ios-apps-more-secure-with-ssl-pinning

15. Verifying the Certificate of HTTPS Requests (Part 5)

https://draveness.me/afnetworking5

16. Android Security: SSL Pinning

https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e

17. Prevent bypassing of SSL certificate pinning in iOS applications

https://www.guardsquare.com/en/blog/iOS-SSL-certificate-pinning-bypassing

18. SSL pinning in iOS - Swift edition

https://infinum.co/the-capsized-eight/ssl-pinning-revisited
