A collection of Smali patterns to detect SSL pinning implementations in Android applications. This repository helps security analysts and reverse engineers identify various SSL pinning techniques used in Android apps.
- Detect SSL pinning patterns across multiple frameworks.
- Covers common SSL pinning libraries and techniques such as OkHttp, TrustManager, Conscrypt, TrustKit, and more.
- Useful for bypassing SSL pinning during security testing.
The patterns are organized in a JSON format, with each key representing a framework or method and the corresponding value listing the Smali patterns.
```json
{
  "OkHttp Certificate Pinning": [
    "com/squareup/okhttp/CertificatePinner;",
    "okhttp3/CertificatePinner;",
    "->setCertificatePinner$okhttp",
    "okhttp/CertificatePinner;->check",
    "okhttp3/CertificatePinner;->check",
    "okhttp3/OkHttpClient$Builder;->certificatePinner"
  ]
}
```
- Use these patterns to scan Smali code for SSL pinning implementations.
- Integrate them into static analysis tools or custom scripts.
- Modify or extend the patterns based on specific requirements.
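One way to run these patterns over a decompiled app tree, as an added example that is not the repository's own tooling: `scan_text`, `scan_tree` and the sample Smali fragment are names and data constructed here. The patterns are matched as literal substrings because several contain `$`, which a regex engine would treat as an anchor.

```python
import json
import os

# Pattern set copied from the JSON excerpt on this page.
PATTERNS = json.loads(r'''
{
  "OkHttp Certificate Pinning": [
    "com/squareup/okhttp/CertificatePinner;",
    "okhttp3/CertificatePinner;",
    "->setCertificatePinner$okhttp",
    "okhttp/CertificatePinner;->check",
    "okhttp3/CertificatePinner;->check",
    "okhttp3/OkHttpClient$Builder;->certificatePinner"
  ]
}
''')

def scan_text(text, patterns=PATTERNS):
    """Return (line_no, framework, pattern) for every literal substring hit."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for framework, needles in patterns.items():
            # Plain 'in' test: '$' and '>' are literal Smali characters, not regex.
            hits += [(no, framework, n) for n in needles if n in line]
    return hits

def scan_tree(root, patterns=PATTERNS):
    """Walk a decompiled app directory and map each .smali path to its hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".smali"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read(), patterns)
                if hits:
                    report[os.path.relpath(path, root)] = hits
    return report

# Constructed Smali fragment (not from a real app), used as sample input.
SAMPLE = """.class public Lcom/example/net/ApiClient;
.method private build()Lokhttp3/OkHttpClient;
    invoke-virtual {v1, v0}, Lokhttp3/OkHttpClient$Builder;->certificatePinner(Lokhttp3/CertificatePinner;)Lokhttp3/OkHttpClient$Builder;
.end method
"""

if __name__ == "__main__":
    for hit in scan_text(SAMPLE):
        print(hit)
```

A hit only shows that pinning-related classes or calls are referenced in the code; whether the pin is enforced at runtime still has to be confirmed by reading the surrounding method.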
Contributions are welcome! Feel free to open issues or submit pull requests to enhance the pattern database.
This project is licensed under the MIT License.
Thanks to @akabe1 and @cryptax for some of the SSL pinning patterns.