The security measures are not there to secure you from seeing the requests, they... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

jtwebman on July 10, 2015 | parent | context | favorite | on: Reverse Engineering the Subway Android App

The security measures are not there to secure you from seeing the requests, they are there to stop people using the app getting hacked with man in the middle attacks, no? I think they know they need to also make sure their API is secure as well.

rwestergren on July 10, 2015 [–]

I understand what you mean, but an attacker wouldn't be able to decrypt during a MiTM attack since SSL is being used -- regardless of cert pinning. An effect of pinning is losing the ability to perform a self MiTM to decrypt traffic; this post simply demonstrates bypassing that.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact