Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Fuzion24/JustTrustMe

An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning
https://github.com/Fuzion24/JustTrustMe

Last synced: about 2 months ago
JSON representation

An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning

Host: GitHub
URL: https://github.com/Fuzion24/JustTrustMe
Owner: Fuzion24
License: other
Created: 2014-07-24T23:45:05.000Z (about 10 years ago)
Default Branch: master
Last Pushed: 2024-04-12T00:56:40.000Z (5 months ago)
Last Synced: 2024-05-18T07:32:24.187Z (4 months ago)
Language: Java
Homepage:
Size: 417 KB
Stars: 4,631
Watchers: 92
Forks: 767
Open Issues: 21
Metadata Files:
- Readme: Readme.md
- License: License.md

Awesome Lists containing this project

awesome-rainmana - Fuzion24/JustTrustMe - An xposed module that disables SSL certificate checking for the purposes of auditing an app with cert pinning (Java)

README

JustTrustMe
===========

An xposed module that disables SSL certificate checking. This is useful for auditing an application which does certificate pinning. There also exists a nice framework built by @moxie to aid in pinning certs in your app: [certificate pinning](https://github.com/moxie0/AndroidPinning).

An example of an application that does cert pinning is [Twitter](https://play.google.com/store/apps/details?id=com.twitter.android). If you would like to view the network traffic for this application, you must disable the certificate pinning.

I built this for xposed rather than cydia substrate because xposed seems to support newer devices better. Marc Blanchou wrote the [original tool](https://github.com/iSECPartners/Android-SSL-TrustKiller) for cydia substrate. If you find that you are not able to MITM an application please file an issue.

## Installation

As a prequsite, your device must be rooted and the xposed framework must be installed.
You can download the xposed framework [here](http://repo.xposed.info/module/de.robv.android.xposed.installer).

### Install from binary

The JustTrustMe binary can be downloaded from [https://github.com/Fuzion24/JustTrustMe/releases/latest](https://github.com/Fuzion24/JustTrustMe/releases/latest)

```
adb install ./JustTrustMe.apk
```

or navigate here and download the APK on your phone:
[https://github.com/Fuzion24/JustTrustMe/releases/latest](https://github.com/Fuzion24/JustTrustMe/releases/latest)

### Build from Source
All the normal gradle build commands apply:
To build a release APK:
```
./gradlew assembleRelease
```
To install directly to the phone connected via ADB:
```
./gradlew installRelease
```