Home » Android » android – Charles Proxy intercepting SSL Pinning enabled traffic-Exceptionshub

android – Charles Proxy intercepting SSL Pinning enabled traffic-Exceptionshub

Posted by: admin February 24, 2020 Leave a comment

Questions:

An Android application that has SSL Pinning was successfully tested on a mobile device running Android 6 (with the certificates installed) using Burp proxy and OWASP ZAP Proxy. As expected the application refused connections when using either proxy.

However, when tested using Charles Proxy it was possible to intercept and read most of the app traffic in clear text, despite the presence of SSL Pinning.

What could be a reason for this? Google searches yielded no fruit.

How to&Answers: