MOB-SSL-PINNING-BYPASSDefense Evasion

SSL / Certificate Pinning Bypass

Hook OkHttp CertificatePinner / TrustManager / native pinning via Frida (objection / frida-tools), enabling MITM of the app's traffic.

§ Where this technique fits

MOB-SSL-PINNING-BYPASS is catalogued under the Defense Evasion tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

Root detection + SSL pinning bypass → MITM the API
Rooted test device with Frida. Hook the app's root-detection and OkHttp CertificatePinner; route traffic through Burp to expose the entire authenticated API surface.
step 3 / 6

§ What commonly comes next

01
Adversary-in-the-Middle
T1557 · Credential Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Root detection + SSL pinning bypass → MITM the API

§ What commonly comes next