When performing a black-box assessment of an iOS App, one of the main tasks of the tester is to intercept the application’s network communications using a proxy. This gives the tester the ability to see what is happening behind the scenes and how the application and the server communicate with each other.
Successfully proxying the application’s traffic can be challenging when the application uses SSL combined with certificate pinning in order to validate the server’s identity. Without access to the application’s source code to manually disable certificate validation, the tester is left with no simple options to intercept the application’s traffic.
To simplify the process of bypassing certificate pinning when performing black-box testing of iOS Apps, iSEC is releasing the iOS SSL Kill Switch. This tool hooks, at runtime, the specific SSL functions that perform certificate validation. Using Cydia, it can easily be deployed on a jailbroken device, allowing the tester to disable certificate validation for any app running on that device in a matter of minutes. The tool was successfully tested against various iOS applications that use certificate pinning to secure their network traffic.
The iOS SSL Kill Switch was presented at BlackHat Vegas 2012 and is available at: