Skip to main content

Bypass Certificate Pinning

Certificate pinning on iOS is typically implemented using the Apple API's. As such, there is one universal tool that can be used to disable this called SSL Kill Switch 2.

Check for Certificate Pinning

Install the target application on to a device:

  • Configure the device to use the intercept proxy (above)

  • If SSL Kill Switch 2 is already installed, ensure you disable it for this check

    • Settings app SSL Kill Switch 2 Toggle button to off
  • Launch the target app and try to interact with it

  • If you can see the traffic in Burp Suite, then Certificate Pinning is not enabled

  • If you see no traffic, and/or a bunch of "client failed to negotiate a TLS connection to..." messages in the Event Log (Dashboard tab), then Certificate Pinning is enabled

  • To bypass Certificate Pinning use SSL Kill Switch2 below

Bypass with SSL Kill Switch 2

Install SSL Kill Switch 2 (version 0.14 or higher) on the device, to disable certificate pinning.

a. Download the latest package from https://github.com/nabla-c0d3/ssl-kill-switch2/releases

b. Ensure that your device is jailbroken.

c. Install the com.nablac0d3.sslkillswitch2_0.14.deb file to the device.

cd /jbutils/files/debs/dpkg -i com.nablac0d3.sslkillswitch2_0.14.deb

d. Re-spring the device.

killall -HUP SpringBoard

e. Enable it in the Settings app (when you need it). (Note: You will only see SSL Kill Switch 2 entry in the Settings app when the device is jailbroken)