Download
Blackbox tool to disable SSL/TLS certificate validation - including certificate pinning - within iOS and macOS applications. Once loaded into an iOS or macOS application, SSL Kill Switch 2 will patch low-level functions responsible for handling SSL/TLS connections in order to override and disable the system's default certificate validation, as well as any kind of custom certificate validation (such as certificate pinning). It was successfully tested against various applications implementing certificate pinning including the Apple App Store. The first version of SSL Kill Switch was released at Black Hat Vegas 2012. Installing SSL Kill Switch 2 allows anyone on the same network as the device to easily perform man-in-the-middle attacks against any SSL or HTTPS connection. This means that it is trivial to get access to emails, websites viewed in Safari and any other data downloaded by any App running on the device.
Features
- Intercepting the App Store's traffic
- Intercepting with Charles Proxy
- Use the Xcode project to build SSL Kill Switch 2 for macOS
- The build requires the Theos suite to be installed
- On iOS, SSL Kill Switch 2 can be installed as a Cydia Subtrate tweak on a jailbroken device
- Once loaded into an iOS or macOS application, SSL Kill Switch 2 will patch low-level functions responsible for handling SSL/TLS connections
Project Samples
