mobile-ssl-pinning-bypass
CommunityIntercept pinned mobile HTTPS safely.
AuthorDorianGallo
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Mobile apps often block traffic interception by enforcing SSL certificate/public key pinning, preventing bug bounty and authorized testing from inspecting HTTPS requests and responses.
Core Features & Use Cases
- Pinning-Type Aware Bypass: Targets certificate pinning, public key pinning, SPKI hash pinning, CA pinning, and multi-pin fallback logic.
- Android + iOS Playbooks: Uses Frida/Objection approaches on Android and iOS, plus iOS-specific strategies (e.g., SecTrust hook points or jailbreak tweaks).
- Framework-Specific Coverage: Handles Flutter (native/BoringSSL level), React Native (platform networking), and Xamarin-style managed validation paths.
- Practical Troubleshooting: Provides a decision tree and diagnostics for multi-layer pinning, non-HTTP protocols, anti-tampering crashes, and proxy CA trust issues.
Quick Start
Use the skill to intercept a target mobile app’s HTTPS traffic by choosing the correct Android or iOS bypass method for the app’s pinning and framework type.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: mobile-ssl-pinning-bypass Download link: https://github.com/DorianGallo/hack-skills-local/archive/main.zip#mobile-ssl-pinning-bypass Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.