Skip to content

SSLKiller is used for killing SSL verification functions on Android client side. With SSLKiller, You can intercept app's HTTPS communication packages between the client and server.

Notifications You must be signed in to change notification settings

liuyufei/SSLKiller

Repository files navigation

SSLKiller

SSLKiller is used for killing SSL verification functions on Android client side. With SSLKiller, You can intercept app's HTTPS communication packages between the client and server. This project is very helpful for those who wants to analysis the network communications in android apps but with HTTPS deployment.

This project is build as a Xposed module. Before using it, you have to install Xposed on your Android device first!

Burp Suite can help us to deploy a MITM and intercept transparent http packages. When meets https transaction, burp uses a fake server cert to communicate with the client. If app has a uncorrect cert verification process (e.g. an empty TrustManager implementation) the https packages can be intercepted by burp but if app do the right verification, burp will alert connection failed error. SSLKiller can fix this problem and let all https transaction of the app displayed in burp.

preview

About

SSLKiller is used for killing SSL verification functions on Android client side. With SSLKiller, You can intercept app's HTTPS communication packages between the client and server.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages