I already implemented SSL Pinning , I just want to know how to check if its working so we could be free from findings during PEN Test.
Hi,
This is taken from SSL Pinning Plugin Documentation :
To test the mobile app with SSL Pinning, do the following:
Publish and generate the new version of your mobile app with SSL Pinning.
Install the app in your smartphone and run.
Verify that app works, as it has the right certificate and hash keys.
To see SSL pinning in rejecting a certificate, do the following:
Edit the configuration file and tamper with the hashes. For example, change one character in each hash.
In your mobile app:
Remove the resource with the old configuration file.
Add a resource with the new configuration file (don’t forget to set the properties).
Publish and generate the new version.
Install the new version in your smartphone and run.
The mobile app won’t work because the SSL inning raises an error due to an invalid certificate.
Thanks