ssl-kill-switch2 - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps

  •        113

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and OS X Apps. Second iteration of https://github.com/iSECPartners/ios-ssl-kill-switch . Once loaded into an iOS or OS X App, SSL Kill Switch 2 patches specific low-level SSL functions within the Secure Transport API in order to override, and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning).

https://github.com/nabla-c0d3/ssl-kill-switch2

Tags
Implementation
License
Platform

   




Related Projects

ios-ssl-kill-switch - Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps

  •    Objective-C

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps. Once installed on a jailbroken device, iOS SSL Kill Switch patches low-level SSL functions within the Secure Transport API, including SSLSetSessionOption() and SSLHandshake() in order to override and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning).

TrustKit - Easy SSL pinning validation and reporting for iOS, macOS, tvOS and watchOS.

  •    C

TrustKit is an open source framework that makes it easy to deploy SSL public key pinning and reporting in any iOS 8+, macOS 10.10+, tvOS 10+ or watchOS 3+ App; it supports both Swift and Objective-C Apps. If you need SSL pinning/reporting in your Android App. we have also released TrustKit for Android at https://github.com/datatheorem/TrustKit-Android.

HackingFacebook - Kill Facebook for iOS's SSL Pinning

  •    Objective-C

Bypassing Facebook for iOS's SSL Pinning, allow us to capture decrypted HTTPS request send from Facebook, with tools like Charles. This repository shows how to kill the certificate pinning in Facebook for iOS without Jailbreak your device.

Android-SSL-TrustKiller - Bypass SSL certificate pinning for most applications

  •    Java

Blackbox tool to bypass SSL certificate pinning for most applications running on a device. This tool leverages Cydia Substrate to hook various methods in order to bypass certificate pinning by accepting any SSL certificate.

SSLUnpinning_Xposed - Android Xposed Module to bypass SSL certificate validation (Certificate Pinning)

  •    Java

Android Xposed Module to bypass SSL certificate validation (Certificate Pinning). If you need to intercept the traffic from an app which uses certificate pinning, with a tool like Burp Proxy, the SSLUnpinning will help you with this hard work! The SSLUnpinning through Xposed Framework, makes several hooks in SSL classes to bypass the certificate verifications for one specific app, then you can intercept all your traffic.


JustTrustMe - An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

  •    Java

An xposed module that disables SSL certificate checking. This is useful for auditing an application which does certificate pinning. There also exists a nice framework built by @moxie to aid in pinning certs in your app: certificate pinning. An example of an application that does cert pinning is Twitter. If you would like to view the network traffic for this application, you must disable the certificate pinning.

rancher-letsencrypt - :cow: Rancher service that obtains and manages free SSL certificates from the Let's Encrypt CA

  •    Go

A Rancher service that obtains free SSL/TLS certificates from the Let's Encrypt CA, adds them to Rancher's certificate store and manages renewal and propagation of updated certificates to load balancers. If using the HTTP challenge, a reverse proxy that routes example.com/.well-known/acme-challenge to rancher-letsencrypt.

PacketSender - Network utility for sending / receiving TCP, UDP, SSL

  •    C++

Packet Sender is an open source utility to allow sending and receiving TCP, UDP, and SSL (encrypted TCP) packets. The mainline branch officially supports Windows, Mac, and Desktop Linux (with Qt). Other places may recompile and redistribute Packet Sender. Packet Sender is free and licensed GPL v2 or later. It can be used for both commercial and personal use. Official releases of Packet Sender can be downloaded at PacketSender.com. Some places redistribute Packet Sender.

PolarSSL library - Crypto and SSL made easy

  •    C

Download PolarSSL PolarSSL is an SSL library written in ANSI C. PolarSSL makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products with as little hassle as possible. It is designed to be readable, documented, tested, loosely coupled and portable. It supports Symmetric encryption algorithms, hash algorithms, RSA with PKCS and X.509 certificate, SSL and TLS.

lua-resty-auto-ssl - On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt

  •    Perl

On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt. This uses the ssl_certificate_by_lua functionality in OpenResty 1.9.7.2+.

sslyze - Fast and powerful SSL/TLS server scanning library.

  •    Python

Fast and powerful SSL/TLS server scanning library for Python 2.7 and 3.4+. SSLyze is a Python library and a CLI tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL/TLS servers.

scapy-ssl_tls - SSL/TLS layers for scapy the interactive packet manipulation tool

  •    Python

SSL/TLS layers for scapy the interactive packet manipulation tool. SSL/TLS and DTLS layers and TLS utiltiy functions for Scapy.

certify - SSL Certificate Manager UI for Windows, powered by Let's Encrypt

  •    CSharp

The SSL/TLS Certificate Management GUI for Windows, powered by Let's Encrypt, allowing you to generate and install free SSL certificates for Windows/IIS (with automated renewal). Advanced users can explore the different validation modes, deployment modes and other advanced options.

Pitaya - 🏇 A Swift HTTP / HTTPS networking library just incidentally execute on machines

  •    Swift

Pitaya is a Swift HTTP / HTTPS networking library for people. Inspired by Alamofire and JustHTTP. Carthage is a decentralized dependency manager that automates the process of adding frameworks to your Cocoa application.

Kong - The Microservice API Gateway

  •    Lua

Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway, API Middleware or in some cases Service Mesh). Backed by the battle-tested NGINX with a focus on high performance, Kong was made available as an open-source platform in 2015. Under active development, Kong is used in production at thousands of organizations from startups, Global 5000 and Government organizations.

Nogotofail - Network Security Testing Tool

  •    Python

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

s2n - an implementation of the TLS/SSL protocols from Amazon

  •    C

s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. For forward secrecy, s2n supports both DHE and ECDHE.

django-sslserver - A SSL-enabled development server for Django

  •    Python

Django SSL Server is a SSL-enabled development server for the Django Framework. Please note that this should not be used for production setups. This app is intended for special use-cases. Most people should instead do a proper production deplyoment where a real webserver such as Apache or NGINX handles SSL.

IRC Mini Stunnel SSL

  •    

IRC SSL Tunnel is a utility that automatically intercepts connections with destination port of 994. This allows you to connect to IRC servers using a secure SSL connection (provided that the server supports connecting over SSL on port 994).

SSL-Explorer

  •    Java

SSL-Explorer is a fully-featured, web-based SSL VPN server. This project is no longer actively maintained as the SSL-Explorer technology has now been acquired by Barracuda Networks, Inc.