5

I have been trying for almost a month to intercept the traffic of an Android app that uses SSL pinning. I used Android-SSL-TrustKiller and SSLUnpinning but it did not work. I also decompiled the app and added mitmproxy's certificate to the app's truststore, but still no luck. After some investigation I found that the app is using the SPDY protocol. I thought that this might be the source of the problem, so I searched Google for how this protocol performs SSL certificate validation, but I could not find anything.

So does the SPDY protocol use a different mechanism for SSL pinning? If not, then what is preventing the app from trusting the proxy after I have added the proxy's certificate to the app's truststore?

DarkNight

1 Answer

1

SPDY works differently from HTTP; the proxy must support it. I guess this is your problem. mitmproxy does not support SPDY.

You need to look for a proxy that supports SPDY, something like this one. If you can make the phone/app trust your certificate, it should work.

Yehuda