Skip to content

Easily defeat MITM attacks on non-jailbroken phones without requiring a SSL cert or any complexities

Notifications You must be signed in to change notification settings

justAnotherDev/PoorMansSSLPinning

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 

Repository files navigation

Poor Man's SSL Pinning

When performing network requests on a Mac/iOS device it is very easy for a bad actor to listen in and see all the information traveling to and from the device. Even if using https data can still be easily viewed in plain text by using a man in the middle proxy like Charles.

The common countermeasure to protect against this is by doing SSL Pinning. Unfortunately SSL pinning is both difficult and costly (requires a private SSL cert). SSL Pinning works against non-jailbroken devices, but there are existing jailbroken tweaks to quickly bypass pinning.

Poor Man's SSL Pinning is a simple check that will easily defeat MITM attacks on non-jailbroken phones without requiring a SSL cert or any complexities. All it does is check to see if a proxy is currently being used. If the call returns true simply don't execute the request.

Usage

let url = URL(string: "www.someurl.com/private_api/get_contents")!
if url.isProxied {
    print("the url has been proxied, refusing to perform the request")
    return
}

// perform the request

License

MIT

About

Easily defeat MITM attacks on non-jailbroken phones without requiring a SSL cert or any complexities

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages