{"id":13434331,"url":"https://github.com/nabla-c0d3/ssl-kill-switch2","last_synced_at":"2025-05-15T02:06:37.682Z","repository":{"id":37390631,"uuid":"38914334","full_name":"nabla-c0d3/ssl-kill-switch2","owner":"nabla-c0d3","description":"Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.","archived":false,"fork":false,"pushed_at":"2023-07-09T15:23:58.000Z","size":623,"stargazers_count":3120,"open_issues_count":16,"forks_count":473,"subscribers_count":115,"default_branch":"release","last_synced_at":"2025-04-13T23:54:27.444Z","etag":null,"topics":["blackbox","cydia","ios","macos","reverse-engineering","security","ssl","ssl-pinning"],"latest_commit_sha":null,"homepage":"","language":"Objective-C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nabla-c0d3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2015-07-11T04:56:25.000Z","updated_at":"2025-04-12T07:20:18.000Z","dependencies_parsed_at":"2022-08-08T20:15:21.836Z","dependency_job_id":"7dd020bb-0116-4034-9a6f-640d54f494e1","html_url":"https://github.com/nabla-c0d3/ssl-kill-switch2","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nabla-c0d3%2Fssl-kill-switch2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nabla-c0d3%2Fssl-kill-switch2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nabla-c0d3%2Fssl-kill-switch2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nabla-c0d3%2Fssl-kill-switch2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nabla-c0d3","download_url":"https://codeload.github.com/nabla-c0d3/ssl-kill-switch2/tar.gz/refs/heads/release","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254259370,"owners_count":22040819,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blackbox","cydia","ios","macos","reverse-engineering","security","ssl","ssl-pinning"],"created_at":"2024-07-31T02:01:53.492Z","updated_at":"2025-05-15T02:06:37.656Z","avatar_url":"https://github.com/nabla-c0d3.png","language":"Objective-C","funding_links":[],"categories":["Objective-C","\u003ca id=\"06fccfcc4faa7da54d572c10ef29b42e\"\u003e\u003c/a\u003e移动\u0026\u0026Mobile","Tweaks","Objective-C  Stars 1000以内排名整理","\u003ca id=\"58cd9084afafd3cd293564c1d615dd7f\"\u003e\u003c/a\u003e工具","Weapons","Awesome Mobile Application Penetration Testing  ![awesome](https://awesome.re/badge.svg)"],"sub_categories":["\u003ca id=\"dbde77352aac39ee710d3150a921bcad\"\u003e\u003c/a\u003eiOS\u0026\u0026MacOS\u0026\u0026iPhone\u0026\u0026iPad\u0026\u0026iWatch","SSL Pinning Bypass Tweaks","\u003ca id=\"d0108e91e6863289f89084ff09df39d0\"\u003e\u003c/a\u003e新添加的","iOS","iOS Application Penetration Testing"],"readme":"SSL Kill Switch 2\n=================\n\nBlackbox tool to disable SSL/TLS certificate validation - including certificate\npinning - within iOS and macOS applications. Second iteration of\nhttps://github.com/iSECPartners/ios-ssl-kill-switch .\n\nDescription\n-----------\n\nOnce loaded into an iOS or macOS application, SSL Kill Switch 2 will patch\nlow-level functions responsible for handling SSL/TLS connections in order to\noverride and disable the system's default certificate validation, as well as any\nkind of custom certificate validation (such as certificate pinning).\n\nIt was successfully tested against various applications implementing certificate\npinning including the Apple App Store. The first version of SSL Kill Switch\nwas released at Black Hat Vegas 2012.\n\nThe most recent version iOS that is known to be supported is 14.2.\n\niOS Instructions\n----------------\n\nOn iOS, SSL Kill Switch 2 can be installed as a Cydia Subtrate tweak on a\njailbroken device.\n\n### WARNING: THIS TWEAK WILL MAKE YOUR DEVICE INSECURE\n\nInstalling SSL Kill Switch 2 allows anyone on the same network as the device to\neasily perform man-in-the-middle attacks against *any* SSL or HTTPS connection.\nThis means that it is trivial to get access to emails, websites viewed in Safari\nand any other data downloaded by any App running on the device.\n\n### Installation\n\nThe following dependencies should be installed using Cydia:\n\n* Debian Packager\n* Cydia Substrate\n* PreferenceLoader\n\nThen, download the latest pre-compiled package available in the release tab of\nthe SSL Kill Switch 2's GitHub page. Copy it to the device, install it and\nrespring the device:\n\n    dpkg -i \u003cpackage\u003e.deb\n    killall -HUP SpringBoard\n\nThere should be a new menu in the device's Settings where you can\nenable the extension. Finally, kill and restart the App you want to test.\n\nThe tweak can later be uninstalled using:\n\n    dpkg -r com.nablac0d3.SSLKillSwitch2\n\n### Intercepting the App Store's traffic\n\nLots of people have asked about how to intercept the App Store's traffic using\nSSL Kill Switch 2. I wrote down some instructions here but there are now outdated:\nhttp://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios/\n\n### Intercepting with Charles Proxy\n\nBy default, SSL Kill Switch will disrupt the Charles Proxy iOS app and you will not be\nable to proxy any network traffic with it. To fix this, add the Charles Proxy app\n(com.xk72.Charles) to the list of excluded bundle IDs in the SSL Kill Switch config:\n\n![Charles proxy](charles.png)\n\n### Build\n\nThe build requires the Theos suite to be installed available at\nhttp://www.iphonedevwiki.net/index.php/Theos/Getting_Started .\n\nThen, within SSL Kill Switch 2's root foler, create a symlink to your theos\ninstallation:\n\n    ln -s /\u003cpath_to_your_theos_folder\u003e theos\n\nMake sure dpkg is installed. If you have Homebrew, use:\n\n    brew install dpkg\n\nThen, the SSL Kill Switch 2 Debian package can be built using:\n\n    make package\n\nmacOS Instructions\n-----------------\n\nSSL Kill Switch 2 can be used in macOS applications as a dynamic library to be injected into\nprocesses.\n\n### WARNING: THIS HAS NOT BEEN TESTED ON RECENT VERSIONS OF MACOS\n\n### Usage\n\nOn macOS, the SSLKillSwitch library needs to be manually injected into the process where\nSSL pinning needs to be disabled. Once injected, it will automatically override and disable\nSSL validation.\n\nThere are several ways to do this including:\n\n* Starting the process with LLDB or in Xcode Debug-\u003eAttach to process then pause, and load SSLKillSwitch using `dlopen()`:\n\n        (lldb) expr (void*)dlopen(\"/path/to/build/SSLKillSwitch.framework/Versions/A/SSLKillSwitch\", 1)\n\n  Expected result is a non-zero pointer:\n\n        (void *) $1 = 0x00007f92e74d10c0\n\n  If you receive a zero pointer then you may need to enable code-signing and build for profiling then use the binary in the release folder, and even may have to copy the binary to the app's resources folder. In which case you would have seen a sandbox read violation output to console. To test a new version of the binary you need to kill the app and load it in again.\n\n* Using DYLD\\_INSERT\\_LIBRARIES to inject SSLKillSwitch and start the process.\n\n### Restricted Apps\n\nTBD\n\n### Build\n\nUse the Xcode project to build SSL Kill Switch 2 for macOS. The compiled library will then be\navailable in _Products/SSLKillSwitch.framework/Versions/A/SSLKillSwitch_. This is the binary\nthat you need to inject in the process where you want to disable SSL pinning.\n\nChangelog\n---------\n\n* v0.14: Added support for iOS 13.\n* v0.13: Added support for iOS 12.\n* v0.12: Added support for iOS 11.\n* v0.11: Added support for iOS 10.\n* v0.10: Added support for proxy-ing [CocoaSPDY](https://github.com/twitter/CocoaSPDY) Apps (ie. Twitter iOS).\n* v0.9: Extended the MobileLoader filter to simplify the proxy-ing of the Apple App Store application.\n* V0.8: Added support for iOS 9.\n* v0.7: Renamed tool to SSL Kill Switch 2; added support for macOS applications and TrustKit.\n* v0.6: Added support for iOS 7.\n* v0.5: Complete rewrite in order to add support for proxy-ing Apple's App Store application.\n* v0.4: Added hooks for SecTrustEvaluate().\n* v0.3: Bug fixes and support for iOS 6.\n* v0.2: Initial release.\n\nLicense\n-------\n\nMIT - See ./LICENSE.\n\nAuthor\n------\n\nAlban Diquet - @nabla_c0d3\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnabla-c0d3%2Fssl-kill-switch2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnabla-c0d3%2Fssl-kill-switch2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnabla-c0d3%2Fssl-kill-switch2/lists"}