nabla-c0d3 / Ssl Kill Switch2

SSL Kill Switch 2

Blackbox tool to disable SSL/TLS certificate validation - including certificate pinning - within iOS and macOS applications. Second iteration of https://github.com/iSECPartners/ios-ssl-kill-switch .

Description

Once loaded into an iOS or macOS application, SSL Kill Switch 2 will patch low-level functions responsible for handling SSL/TLS connections in order to override and disable the system's default certificate validation, as well as any kind of custom certificate validation (such as certificate pinning).

It was successfully tested against various applications implementing certificate pinning including the Apple App Store. The first version of SSL Kill Switch was released at Black Hat Vegas 2012.

The most recent version of iOS that is known to be supported is 14.2.

iOS Instructions

On iOS, SSL Kill Switch 2 can be installed as a Cydia Substrate tweak on a jailbroken device.

WARNING: THIS TWEAK WILL MAKE YOUR DEVICE INSECURE

Installing SSL Kill Switch 2 allows anyone on the same network as the device to easily perform man-in-the-middle attacks against any SSL or HTTPS connection. This means that it is trivial to get access to emails, websites viewed in Safari and any other data downloaded by any App running on the device.

Installation

The following dependencies should be installed using Cydia:

  • Debian Packager
  • Cydia Substrate
  • PreferenceLoader

Then, download the latest pre-compiled package available in the release tab of SSL Kill Switch 2's GitHub page. Copy it to the device, install it and respring the device:

dpkg -i <package>.deb
killall -HUP SpringBoard

There should be a new menu in the device's Settings where you can enable the extension. Finally, kill and restart the App you want to test.

The tweak can later be uninstalled using:

dpkg -r com.nablac0d3.SSLKillSwitch2
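
To confirm that a test device no longer has the tweak installed after removal, the dpkg status database can be checked for the package ID used above. This is an added example, not part of the SSL Kill Switch 2 project; the function names, the constructed sample database and the default path /var/lib/dpkg/status (the usual dpkg location, which may differ on your device) are assumptions.

```shell
#!/bin/sh
# Added example (not project code): report the dpkg state of the
# SSL Kill Switch 2 package from a dpkg status database.

PKG_ID="com.nablac0d3.SSLKillSwitch2"   # package ID from the uninstall command

# tweak_state [status_file]
# Prints one of:
#   installed    - stanza present, state "installed" (tweak still on the device)
#   removed      - stanza present, state "config-files" or "not-installed"
#   inconsistent - stanza present in any other state (e.g. half-installed)
#   absent       - no stanza for the package at all
tweak_state() {
    status_file="${1:-/var/lib/dpkg/status}"   # assumed default location
    [ -r "$status_file" ] || { echo "unreadable"; return 2; }
    # Paragraph mode: each blank-line-separated stanza is one record,
    # each line of the stanza is one field.
    awk -v pkg="$PKG_ID" '
        BEGIN { RS = ""; FS = "\n"; state = "absent" }
        {
            name = ""; status = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package: /) name = substr($i, 10)
                if ($i ~ /^Status: /)  status = substr($i, 9)
            }
            if (tolower(name) == tolower(pkg)) {
                # Status is "<want> <flag> <state>"; the last word is the state.
                n = split(status, w, " ")
                if (w[n] == "installed") state = "installed"
                else if (w[n] == "config-files" || w[n] == "not-installed") state = "removed"
                else state = "inconsistent"
            }
        }
        END { print state }
    ' "$status_file"
}

# Constructed sample database (not real device output) for trying the check.
# $1 is the Status value to give the tweak's stanza.
sample_db() {
    printf 'Package: example.other.package\nStatus: install ok installed\nVersion: 0.0\n\n'
    printf 'Package: %s\nStatus: %s\nVersion: 0.0\n' "$PKG_ID" "$1"
}
```

Any result other than `removed` or `absent` means the device should still be treated as exposed to the man-in-the-middle risk described in the warning above.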

Intercepting the App Store's traffic

Lots of people have asked about how to intercept the App Store's traffic using SSL Kill Switch 2. I wrote down some instructions here but they are now outdated: http://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios/

Intercepting with Charles Proxy

By default, SSL Kill Switch will disrupt the Charles Proxy iOS app and you will not be able to proxy any network traffic with it. To fix this, add the Charles Proxy app (com.xk72.Charles) to the list of excluded bundle IDs in the SSL Kill Switch config:

[Image: Charles proxy]

Build

The build requires the Theos suite to be installed; it is available at http://www.iphonedevwiki.net/index.php/Theos/Getting_Started .

Then, within SSL Kill Switch 2's root folder, create a symlink to your Theos installation:

ln -s /<path_to_your_theos_folder> theos

Make sure dpkg is installed. If you have Homebrew, use:

brew install dpkg

Then, the SSL Kill Switch 2 Debian package can be built using:

make package

macOS Instructions

SSL Kill Switch 2 can be used in macOS applications as a dynamic library to be injected into processes.

WARNING: THIS HAS NOT BEEN TESTED ON RECENT VERSIONS OF MACOS

Usage

On macOS, the SSLKillSwitch library needs to be manually injected into the process where SSL pinning needs to be disabled. Once injected, it will automatically override and disable SSL validation.

There are several ways to do this including:

  • Starting the process with LLDB, or attaching in Xcode (Debug->Attach to process) and pausing, then loading SSLKillSwitch using dlopen():

      (lldb) expr (void*)dlopen("/path/to/build/SSLKillSwitch.framework/Versions/A/SSLKillSwitch", 1)
    

    Expected result is a non-zero pointer:

      (void *) $1 = 0x00007f92e74d10c0
    

    If you receive a zero pointer, you may need to enable code-signing and build for profiling, then use the binary in the release folder; you may even have to copy the binary to the app's resources folder, in which case you would have seen a sandbox read violation output to the console. To test a new version of the binary, you need to kill the app and load it in again.

  • Using DYLD_INSERT_LIBRARIES to inject SSLKillSwitch and start the process.

Restricted Apps

TBD

Build

Use the Xcode project to build SSL Kill Switch 2 for macOS. The compiled library will then be available in Products/SSLKillSwitch.framework/Versions/A/SSLKillSwitch. This is the binary that you need to inject in the process where you want to disable SSL pinning.

Changelog

  • v0.14: Added support for iOS 13.
  • v0.13: Added support for iOS 12.
  • v0.12: Added support for iOS 11.
  • v0.11: Added support for iOS 10.
  • v0.10: Added support for proxy-ing CocoaSPDY Apps (i.e. Twitter iOS).
  • v0.9: Extended the MobileLoader filter to simplify the proxy-ing of the Apple App Store application.
  • v0.8: Added support for iOS 9.
  • v0.7: Renamed tool to SSL Kill Switch 2; added support for macOS applications and TrustKit.
  • v0.6: Added support for iOS 7.
  • v0.5: Complete rewrite in order to add support for proxy-ing Apple's App Store application.
  • v0.4: Added hooks for SecTrustEvaluate().
  • v0.3: Bug fixes and support for iOS 6.
  • v0.2: Initial release.

License

MIT - See ./LICENSE.

Author

Alban Diquet - @nabla_c0d3
