Stick a Pin in Certificate Pinning: How to Inspect Mobile Traffic and Stop Data Exfiltration
With the rise of encrypted traffic, more and more companies are deploying SSL inspection platforms to decrypt it. Unfortunately, these companies quickly discover that they cannot decrypt all traffic, particularly communications to mobile apps that use certificate pinning. What is certificate pinning? It's a method of preventing man-in-the-middle (MitM) attacks by validating server certificates against known, approved certificates or hashes that are bundled with the application.
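The pin check described above, sketched as an added example (not code from the original article or from any product it mentions). It shows why a certificate re-issued by an inspection platform is rejected by a pinning client even when the device trusts the issuing CA. The function names, the host name and the byte strings standing in for DER certificates are assumptions constructed for illustration.

```python
import base64
import hashlib
import socket
import ssl


def cert_pin(der_cert: bytes) -> str:
    """Base64-encoded SHA-256 of the whole DER-encoded certificate."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def pin_matches(der_cert: bytes, bundled_pins: frozenset) -> bool:
    """True only if the presented certificate hashes to a bundled pin."""
    return cert_pin(der_cert) in bundled_pins


def connect_pinned(host: str, bundled_pins: frozenset, port: int = 443) -> ssl.SSLSocket:
    """Ordinary chain and hostname validation first, then the pin check."""
    ctx = ssl.create_default_context()
    sock = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    leaf = tls.getpeercert(binary_form=True)  # DER bytes of the server's leaf certificate
    if not pin_matches(leaf, bundled_pins):
        tls.close()
        raise ssl.SSLError("server certificate does not match any bundled pin")
    return tls


# Constructed stand-ins for DER certificates (not real certificates).
GENUINE_LEAF = b"constructed-der: CN=api.example.test, issuer=Public CA"
# What the app sees when an inspection platform re-signs the session.
PROXY_LEAF = b"constructed-der: CN=api.example.test, issuer=Inspection CA"
# The pin set an app would ship inside its package.
BUNDLED_PINS = frozenset({cert_pin(GENUINE_LEAF)})


def demo() -> dict:
    """Compare a direct connection with one passing through TLS inspection."""
    return {
        "direct": pin_matches(GENUINE_LEAF, BUNDLED_PINS),
        "via_inspection_proxy": pin_matches(PROXY_LEAF, BUNDLED_PINS),
    }


if __name__ == "__main__":
    print(demo())
```

The pin check runs in addition to the platform's normal validation, so installing the inspection CA in the device trust store does not make the re-signed certificate acceptable to the app.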