Android Xposed Module to bypass SSL certificate validation (Certificate Pinning).
If you need intercept the traffic from one app who use certificate pinning, with a tool like Burp Proxy, the SSLUnpinning help you with this hard work! The SSLUnpinning through Xposed Framework, make severous hooks in SSL classes to bypass the certificate verifications for one specific app, then you can intercept all your traffic.
-
install Xposed in your device (root access on Android 4.0.3 or later); http://repo.xposed.info/module/de.robv.android.xposed.installer
-
Download the APK available here https://github.com/ac-pm/SSLUnpinning_Xposed or clone the project and compile;
-
Install SSLUnpinning_XposedMod.apk on a device with Xposed:
adb install SSLUnpinning_XposedMod.apk -
SSLUnpinning will list the applications to choose from which will be unpinned;
-
Ok! Now you can intercept all traffic from the chosen app.
Get it from Xposed repo: http://repo.xposed.info/module/mobi.acpm.sslunpinning
adb uninstall SSLUnpinning_XposedMod.apk
Screenshots
See ./LICENSE.
ACPM