
SSL Pinning

Tim edited this page Mar 4, 2017 · 4 revisions

SSL pinning is a method of checking the server's SSL certificate against a value embedded in the client and refusing the connection if the check fails.
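To make the check concrete, here is an added example (not code from the original page or its lab) of a client-side pin check in Python. It pins the SHA-256 fingerprint of the whole DER-encoded server certificate, so a certificate generated on the fly by an interception proxy such as Burp fails the check even when the proxy's CA has been installed on the device. The sample certificate bytes, the host name and the `pinned_fingerprints` values are constructed for the example; a real client would obtain the bytes from `getpeercert(binary_form=True)` and would load a lab CA such as the one signing `*.pentest.vm` with `context.load_verify_locations(...)`.

```python
"""Certificate pinning check for an HTTPS client (added example, not from the page)."""
import hashlib
import hmac
import socket
import ssl

# Constructed sample standing in for a server certificate in DER form.
# A real client takes these bytes from tls.getpeercert(binary_form=True).
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + b"constructed-cert-for-pinning-demo"


def cert_fingerprint(der_cert: bytes) -> str:
    """Return the SHA-256 fingerprint (lowercase hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_fingerprints) -> bool:
    """True if the presented certificate matches one of the pinned fingerprints.

    Comparison is case-insensitive on the hex string and uses a constant-time
    compare so the check itself does not leak how many bytes matched.
    """
    presented = cert_fingerprint(der_cert)
    return any(hmac.compare_digest(presented, pin.lower()) for pin in pinned_fingerprints)


def connect_pinned(host: str, port: int, pinned_fingerprints, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection to host:port and refuse it unless the certificate is pinned.

    Normal chain validation against the trust store still runs inside wrap_socket();
    the pin is an additional check layered on top of it, which is what defeats
    an interception proxy whose CA the device has been told to trust.
    """
    context = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = context.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if not pin_matches(der, pinned_fingerprints):
        tls.close()
        raise ssl.SSLError(f"certificate pin mismatch for {host}: {cert_fingerprint(der)}")
    return tls


if __name__ == "__main__":
    # Offline demonstration with the constructed certificate bytes.
    pins = [cert_fingerprint(SAMPLE_CERT_DER)]
    print("expected cert accepted:", pin_matches(SAMPLE_CERT_DER, pins))
    print("substituted cert accepted:", pin_matches(b"some-other-cert", pins))
    # Against a live pinned server one would call, for example:
    # connect_pinned("101.pentest.vm", 443, pins)
```

When the Android VM's traffic is redirected to Burp as described in the setup below, Burp presents its own certificate for `*.pentest.vm`; a client built like this one closes the connection at the pin check instead of sending the request.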

Setup

  1. In the OWASP VM, open the folder ~/OWASP/Resources/https/.
  2. Start the Python file in that folder with the command sudo python https.py.
  3. This starts a lightweight HTTPS server. The certificate is issued for the domain *.pentest.vm.
  4. Therefore the /etc/hosts file in both VMs has the following lines:

     10.13.13.101 101.pentest.vm
     10.13.13.102 102.pentest.vm

  5. Configure the iptables rules as follows, either via adb shell from the OWASP VM or by pressing Alt + F1 in the Android VM.
  6. iptables.proxy (replace the IP address with that of the OWASP VM):

     iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 80 -j DNAT --to 10.13.13.102:8080
     iptables -t nat -A OUTPUT -o eth0 -p tcp --dport 443 -j DNAT --to 10.13.13.102:8080

  7. Start Burp Suite in the OWASP VM.