android – Charles Proxy intercepting SSL Pinning enabled traffic-ThrowExceptions

Exception or error:

An Android application that has SSL Pinning was successfully tested on a mobile device running Android 6 (with the certificates installed) using Burp proxy and OWASP ZAP Proxy. As expected, the application refused connections when using either proxy.

However, when tested using Charles Proxy it was possible to intercept and read most of the app traffic in clear text, despite the presence of SSL Pinning.

What could be a reason for this? Google searches yielded no fruit.

How to solve:
