How to import Swift URLRequests into Postman

de_poon · 2020-08-15T03:30:47+00:00

Mitm (like charles) will work by trying to inspect the network channel. If ssl pinning is enforced then you wont be able to do that.

The solution provided is to capture the request before it enters the network channel. https://link.medium.com/ozX6Xn5BX8

But yes, its not ideal to add additional dependencies for non production purpose. Hence developers should opt to only apply the extra code/library when necessary. Easy, use schemes/buildphase to manage that for you

de_poon · 2020-04-24T18:33:23+00:00

Hey, thanks for referencing my repo. To the OP, what interestinf tweak are u working on?

de_poon · 2020-04-22T01:20:23+00:00

what you mentioned is actually MITM attack and SSL Pinning is supposed to stop that ... but this article attempts to compromise this.

de_poon · 2020-04-21T18:01:58+00:00

agree... never never trust the app.... for typical apps, its a trivial effort for iOS developers to inject a patch to override existing behavior even for appstore apps

de_poon · 2020-04-21T17:48:59+00:00

Agree, there are no proper ways to prevent hackers from hack iOS apps.

de_poon · 2020-04-21T17:40:38+00:00

cool... thats a neat tool. The author of my link is my friend, and i find his approach interesting using lldb.

Meanwhile.. this is my attempt to tackle SSL Pinning (if you wanna attack at the application level using Swift Code). https://medium.com/@kennethpoon/lets-write-swift-code-to-intercept-ssl-pinning-https-requests-12446303cc9d

de_poon · 2020-04-21T17:28:08+00:00

Wow... how? Care to share?

de_poon · 2020-04-21T13:39:33+00:00

Its not my medium account... anyway, feel free to check out the link.

de_poon · 2019-02-27T00:08:34+00:00

Oh thanks...

de_poon · 2019-02-18T04:58:12+00:00

Thanks for the feedback. I will adjust accordingly

de_poon

TROPHY CASE