I read an article that says that using Charles, you can see the contents of your request even if it's https.
http://qiita.com/HIkaruSato/items/1f66c1a189bf9c19f838
I have set ATS, but can I still see it?
If so, I would appreciate it if you could let me know if there is a way to deal with it.
SSL Pinning is a method of preventing network communication from being intercepted by proxy or intermediate attacks such as Charles.
If the iOS application is connected to only a specific API, you can use SSL Pinning to verify that only a specific certificate is valid in the application to fail communication using its own certificate, such as Charles.
Charles' document also states that SSL communication will fail if SSL Pinning is in place.
Note that some apps implement SSL certificate pinning which means they specifically validate the root certificate. Because the app is itself verifying the root certificate it will not accept Charles's certificate and will fail the connection. If you have successfully installed the Charles root SSL certificate and can browse SSL websites using SSL Proxying in Safari, but an app fails, then SSL Pinning is probonly the issue.
https://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/
Of course, SSL Pinning is a disadvantage, and it depends on the method of Pinning, but it is also said that if the server updates the certificate, the client will need to be updated or will not be able to verify the communication that is originally recognized as a user's right.
Answer from an infrastructure perspective.
Charles acts as a terminal (iPhone, etc.) and browser, and
The proxy is for SSL complexity and encryption.
This is because a typical proxy can do the same, so
In principle, there is no countermeasure.
Therefore, even if captured on the application side,
Combine random numbers and strings such as one-time passwords to make information unreadable
I think we will try to avoid it by making it impossible to reproduce even if we capture the screen transition.
576 Who developed the "avformat-59.dll" that comes with FFmpeg?
613 GDB gets version error when attempting to debug with the Presense SDK (IDE)
922 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error
573 rails db:create error: Could not find mysql2-0.5.4 in any of the sources
© 2024 OneMinuteCode. All rights reserved.