Comment by qingcharles
Comment by qingcharles 2 days ago
Can you not extract the key from the apps? They are only signed against modification, surely? Can you not read the data they have stored on the handset?
Comment by qingcharles 2 days ago
Can you not extract the key from the apps? They are only signed against modification, surely? Can you not read the data they have stored on the handset?
Generally apps like Fiddler generate their own cert which you load onto the device and accept. My understanding is this allows it intercept and re-write requests. When you do this, apps using cert. pinning will sniff out your "wrong" cert. and stop working.