Within the iOS ecosystem, validating certificates during secure connections is a crucial step, similar to the role played by TrustManager on Android. This validation is essential to guarantee the authenticity and integrity of SSL/TLS certificates presented by remote servers.
On iOS, certificate validation is performed through specific APIs and classes provided by the operating system. This process involves the use of classes such as URLSession, NSURLConnection, NSURLSessionDelegate, SecTrust and SecTrustEvaluate. Such APIs allow developers to implement custom logic to verify the authenticity of SSL/TLS certificates during secure connections.
Verification is based on the authenticity of the server certificate, ensuring that it is valid and trustworthy. The certificate chain hierarchy, which includes the server certificate, signed by a Certificate Authority (CA), is verified until it reaches a trusted Root Certificate Authority.
In some situations, to bypass the default certificate validation in iOS, you can install specific certificates in the system certificate store. For example, installing a certificate authority (CA), such as Burp Suite, in the system's certificate store can cause the device to trust certificates issued by that authority, allowing for the successful interception of SSL/ TLS in apps that trust iOS certificate validation.
When the SSL Pinning technique is implemented in iOS applications, the system's default certificate validation is replaced with custom verification logic defined by the developer. This means that even if the iOS certificate validation system accepts a certificate as valid, the application explicitly checks specific certificates encoded for SSL Pinning.
However, flaws in the implementation of SSL Pinning can introduce vulnerabilities, allowing incorrect or incomplete verification of certificates.
Additionally, there are known scripts, such as multiple-ssl-pinning, which, even without installing a specific certificate on the system, can potentially bypass the validation of the iOS certificate system.
-> Start your proxy
-> Configure an HTTP proxy server on the device
Wifi Settings -> Select the wifi network used -> Configure Proxy -> Manual -> Set the proxy IP and port
-> Download your proxy certificate
When a profile is installed through the Settings app, it is managed at the user level. This means that the certificates or settings contained in this profile are associated with the specific user who installed them on the device.
Settings -> VPN & Device Management -> Downloaded Profile Portswigger CA -> Install
On iOS, the "Enable Full Trust for Root Certificates" option in the "Certificate Trust Settings" settings allows certificates installed at the user level through the installed profile to be trusted at a deeper level, or to be trusted at the root level. system.
Settings -> About -> Certificate Trust Settings -> ENABLE FULL TRUST FOR ROOT
