Android Question SSL Certificate Pinning

M. Giray Ozkan

Member
Licensed User
Longtime User
Hi,

I need to use SSL certificate pinning in my Android project to avoid man-in-the-middle attacks and manually installed root certificates.

Is there any way in B4A to do this?

Thanks
 

M. Giray Ozkan

Member
Licensed User
Longtime User
Hello

As you can imagine, this is not an easy thing to do. I have been reading a lot of articles on SSL certificate pinning using httpclient/okhttpclient, but I have no idea how I can implement this code in my project.

With default http client: https://github.com/ikust/hello-pinnedcerts
With okhttpClient: https://github.com/square/okhttp/wiki/HTTPS


1. I had the .crt file from the target web server that I'm trying to communicate with over SSL (it was obtained using Firefox).
2. I converted it to a BKS-formatted keystore file.
3. I put that file in the res/raw folder.

I want to learn how I can use CertificatePinner in OkHttp or SSLSocketFactory in the default httpClient.

Thank you
 
Upvote 0
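
One way to use the BKS keystore from steps 1 to 3 with `SSLSocketFactory`, as an added example that is not part of the original post and is not B4A or OkHttp code. The class `PinnedConnection` and its method names are hypothetical, and it assumes an Android runtime (where the `BKS` keystore type is available) with the stream coming from something like `getResources().openRawResource(R.raw.pinned)`, where `R.raw.pinned` is a placeholder resource name.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: trust only the certificates shipped inside the app. */
public final class PinnedConnection {

    private PinnedConnection() {}

    /**
     * Builds a socket factory whose trust anchors are ONLY the certificates in
     * the given BKS keystore. System CAs and user-installed CAs are not consulted,
     * so a root certificate added to the device cannot vouch for the server.
     */
    public static SSLSocketFactory pinnedFactory(InputStream bksStream, char[] password)
            throws Exception {
        KeyStore pinned = KeyStore.getInstance("BKS");
        try {
            pinned.load(bksStream, password);
        } finally {
            bksStream.close();
        }
        if (pinned.size() == 0) {
            // Refuse an empty store: no server certificate could ever validate against it.
            throw new IllegalStateException("pinned keystore contains no certificates");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(pinned);                       // trust managers backed by the pinned store only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Opens an HTTPS connection that uses the pinned factory for this connection only. */
    public static HttpsURLConnection open(URL url, SSLSocketFactory factory) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(factory);      // hostname verification stays at the platform default
        return conn;
    }
}
```

Because trust is limited to the keystore contents, the keystore has to be updated in the app before the server's certificate is replaced, otherwise connections fail at the handshake.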

M. Giray Ozkan

Member
Licensed User
Longtime User
Hello Erel,

Is there any way to do this programmatically on an Android device? On the other hand, installing a certificate on the device is not the right way to achieve the main purpose of SSL certificate pinning.

Please read these articles:

What is SSL certificate pinning and what is the concept?: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

How to intercept SSL traffic on mobile device using Burp Suite: https://www.google.com.tr/search?q=...l4.6842j0j4&sourceid=chrome&es_sm=92&ie=UTF-8


Thanks
 
Upvote 0