Comment by fcpk

18 days ago

Sadly, certificate pinning/certificate transparency makes this not so useful for apps that want to enforce security.

It would be very interesting to get something that can actually hook into the most common SSL libraries and/or decryption functions, and tries to dump things on the fly. Sure, it'll still be blocked if there's tampering detection, but at least it could give some real transparent insight on calls done by some apps at times.

In a few years there will be someone, probably much smarter than me, that figures out how to automatically bypass the checks for the certificate pins and solve 99% of the cases that don't work today.