• Stars
    star
    894
  • Rank 51,071 (Top 2 %)
  • Language
    Objective-C
  • License
    Other
  • Created over 12 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps

iOS SSL Kill Switch

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps.

Description

Once installed on a jailbroken device, iOS SSL Kill Switch patches low-level SSL functions within the Secure Transport API, including SSLSetSessionOption() and SSLHandshake() in order to override and disable the system's default certificate validation as well as any kind of custom certificate validation (such as certificate pinning).

It was successfully tested against various Apps implementing certificate pinning including the Apple App Store. iOS SSL Kill Switch was initially released at Black Hat Vegas 2012.

For more technical details on how it works, see http://nabla-c0d3.github.io/blog/2013/08/20/ios-ssl-kill-switch-v0-dot-5-released/

WARNING: THIS TWEAK WILL MAKE YOUR DEVICE INSECURE

Installing this tweak allows anyone on the same network as the device to easily perform man-in-the-middle attacks against any SSL or HTTPS connection. This means that it is trivial to get access to emails, websites viewed in Safari and any other data downloaded by any App running on the device.

Installation

Users should first download the latest pre-compiled Debian package available in the release section of the project page at: https://github.com/iSECPartners/ios-ssl-kill-switch/releases

The tool was tested on iOS7 running on an iPhone 5S.

Dependencies

iOS SSL Kill Switch will only run on a jailbroken device. Using Cydia, make sure the following packages are installed:

  • dpkg
  • MobileSubstrate
  • PreferenceLoader

How to install

Download and copy the Debian package to the device; install it:

dpkg -i <package>.deb

Respring the device:

killall -HUP SpringBoard

There should be a new menu in the device's Settings where you can enable the extension.

Finally, kill and restart the App you want to test.

How to uninstall

dpkg -r com.isecpartners.nabla.sslkillswitch

Intercepting the App Store's traffic

Additional instructions are available here: http://nabla-c0d3.github.io/blog/2013/08/20/intercepting-the-app-stores-traffic-on-ios/

Build

Most users should just download and install the Debian package. The build requires the Theos suite to be installed; see http://www.iphonedevwiki.net/index.php/Theos/Getting_Started . You first have to create a symlink to your theos installation:

ln -s /opt/theos/ theos

Make sure dpkg is installed. If you have Homebrew, use:

brew install dpkg

Then, the package can be built using:

make package

Changelog

  • v0.6: Added support for iOS 7.
  • v0.5: Complete rewrite in order to add support for proxy-ing Apple's App Store application.
  • v0.4: Added hooks for SecTrustEvaluate().
  • v0.3: Bug fixes and support for iOS 6.
  • v0.2: Initial release.

License

MIT - See LICENSE.txt

Author

Alban Diquet - https://github.com/nabla-c0d3

More Repositories

1

Introspy-iOS

Security profiling for blackbox iOS
Objective-C
725
star
2

Android-SSL-TrustKiller

Bypass SSL certificate pinning for most applications
Java
704
star
3

sslyze

Current development of SSLyze now takes place on a separate repository
Python
644
star
4

jailbreak

Jailbreak
C++
472
star
5

Introspy-Android

Security profiling for blackbox Android
Java
464
star
6

android-ssl-bypass

Black box tool to bypass SSL verification on Android, even when pinning is used.
Java
314
star
7

yontma-mac

You'll Never Take Me Alive!
Objective-C
233
star
8

ssl-conservatory

Sample SSL client code for correct endpoint validation.
Objective-C
232
star
9

Introspy-Analyzer

JavaScript
213
star
10

LibTech-Auditing-Cheatsheet

Python
198
star
11

nano-ecc

A very small ECC implementation for 8-bit microcontrollers
C
149
star
12

Android-OpenDebug

Make any application debuggable
Java
132
star
13

jailbreak-Windows

Certificate extraction tool for Windows
125
star
14

tlspretense

A test framework for testing SSL/TLS client certificate validation.
Ruby
95
star
15

yontma

You'll never take me alive.
C++
85
star
16

Android-KillPermAndSigChecks

Bypass signature and permission checks for IPCs
Java
82
star
17

publications

iSEC Partners' research publications
C++
76
star
18

RtspFuzzer

RTSP network protocol fuzzer
Python
64
star
19

femtocatcher

Java
54
star
20

manifest-explorer

A tool for viewing Android application Manifests.
Java
48
star
21

fuzzbox

A multi-codec media fuzzing tool.
Python
42
star
22

scout

AWS EC2 and S3 Security Auditing Tool
Clojure
41
star
23

dnsRedir

Python
38
star
24

R2B2

A brute-forcing delta robot
Python
27
star
25

PeachFarmer

A log collector for Peach fuzzing in the cloud
C#
27
star
26

vtfinder

pykd script to dynamically find vtables on heap (windows x86/x64)
Python
24
star
27

sqlperms

A tool for calculating necessary SQL Server permissions
C#
23
star
28

package-play

Tool for viewing Android package details, including permissions, services, activities, and more.
Java
22
star
29

libshambles

A library for efficient interception of established TCP connections
C++
19
star
30

hiccupy

Jython binding for Burp to facilitate realtime traffic analysis and modification using simple plugins.
Java
14
star
31

ZigTools

C
11
star
32

ccs-testing-tool

9
star
33

samlpummel

A BeanShell plugin for WebScarab to automate SAML auditing.
Java
8
star
34

gizmo

A graphical web proxy written in Java. It is designed to be speedy, with the user interfaced centered around keyboard use. It should do what you want, and then get out of your way.
Java
8
star
35

extractparam

Java
7
star
36

SecureNSCoder

NSKeyed(Un)ArchiverDelegate implementation to encrypt state prior to preservation and decrypt it when restoring.
Objective-C
6
star