Skip to content

Latest commit

 

History

History
23 lines (15 loc) · 1.15 KB

README.md

File metadata and controls

23 lines (15 loc) · 1.15 KB

Poor Man's SSL Pinning

When performing network requests on a Mac/iOS device it is very easy for a bad actor to listen in and see all the information traveling to and from the device. Even if using https data can still be easily viewed in plain text by using a man in the middle proxy like Charles.

The common countermeasure to protect against this is by doing SSL Pinning. Unfortunately SSL pinning is both difficult and costly (requires a private SSL cert). SSL Pinning works against non-jailbroken devices, but there are existing jailbroken tweaks to quickly bypass pinning.

Poor Man's SSL Pinning is a simple check that will easily defeat MITM attacks on non-jailbroken phones without requiring a SSL cert or any complexities. All it does is check to see if a proxy is currently being used. If the call returns true simply don't execute the request.

Usage

let url = URL(string: "www.someurl.com/private_api/get_contents")!
if url.isProxied {
    print("the url has been proxied, refusing to perform the request")
    return
}

// perform the request

License

MIT