Why does pinning a CA root certificate not present a security risk?

AWS recommends pinning their root certificate when implementing SSL pinning. My understanding is that SSL pinning for mobile applications mitigates a situation where an attacker has installed a malicious certificate on the de…

Proxying an Android app protected with certificate sign request with Burp Suite

I’d like to proxy an Android application with Burp Suite. The application uses certificate pinning via OkHttp3. I solved this by modifying the source code, now the application accepts the certificates generated by Burp Suite’…