> The only way (to my knowledge) to overcome this isto attach a debugger to the app and manually strip the ssl or view the packets prior to being sent.
And that is the very intention.
Both as a user and a software engineer I find this perfectly natural. The app developer could have implemented this himself or just used public-key encryption on top of his HTTPS enabled but not certificate-pinned application.
And that is the very intention.
Both as a user and a software engineer I find this perfectly natural. The app developer could have implemented this himself or just used public-key encryption on top of his HTTPS enabled but not certificate-pinned application.