Is there no way to bypass certificate pinning without patching apps?


Can you do anything other than patching apps’ compiled-code/cert-files (which is app-specific, requires manual analysis and patching + super-user/root) to intercept TLS traffic of apps that use certificate pinning?

The answer seems to be No, from mitmproxy’s docs:

Certificate Pinning

Some applications employ Certificate Pinning to prevent man-in-the-middle attacks. This means that mitmproxy and mitmdump’s certificates will not be accepted by these applications without modifying them. It is recommended to use the passthrough feature in order to prevent mitmproxy and mitmdump from intercepting traffic to these specific domains. If you want to intercept the pinned connections, you need to patch the application manually. For Android and (jailbroken) iOS devices, various tools exist to accomplish this.

I understand that certificate pinning is part of the trust model of these apps; at the same time, as a user, I would like to sniff/intercept their traffic for analysis, locally on my device, in order to make statistics/insights on my habits and behavior, from events such as emails sent (using ProtonMail), messages sent (using Signal/WhatsApp) or any event that can be deduced from the analysis of traffic (using something similar-to/as-powerful-as mitmproxy’s Python scripting API or Scapy’s filters).
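The quoted mitmproxy documentation explains that a pinned app will not accept the proxy's certificate. The following is an added example, not part of the question or of mitmproxy's own code, that shows the check behind that statement: the app ships a hash of the server's SubjectPublicKeyInfo (the same SPKI SHA-256 pin format used by HPKP and OkHttp's CertificatePinner), and any certificate for the same hostname but a different key, which is exactly what an interception proxy mints on the fly, fails the comparison regardless of which CA signed it. The hostname api.example.test and both certificates are constructed here for illustration; only the openssl CLI is required.

```shell
#!/bin/sh
# Added example: the pin comparison a certificate-pinning client performs.
# Both certificates below are constructed in a temp dir for illustration.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# The genuine server identity the app was built to expect (hypothetical name).
openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=api.example.test" \
  -keyout "$WORK/server.key" -out "$WORK/server.pem" -days 1 >/dev/null 2>&1

# A second certificate for the same name but a fresh key, as an interception
# proxy generates when it terminates TLS on the client's behalf.
openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=api.example.test" \
  -keyout "$WORK/proxy.key" -out "$WORK/proxy.pem" -days 1 >/dev/null 2>&1

# spki_pin PEMFILE: prints base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
# This is the value an app embeds at build time ("sha256/..." in OkHttp terms).
spki_pin() {
  openssl x509 -in "$1" -pubkey -noout \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -binary \
    | openssl base64 -A
}

# The pin baked into the app: derived from the genuine server key only.
PINNED=$(spki_pin "$WORK/server.pem")

# check_pin PEMFILE: returns 0 when the presented certificate's public key
# matches the embedded pin, 1 otherwise. The CA chain is irrelevant here,
# which is why installing the proxy's root CA does not help against pinning.
check_pin() {
  [ "$(spki_pin "$1")" = "$PINNED" ]
}

if check_pin "$WORK/server.pem"; then
  echo "genuine certificate: pin matches, connection proceeds"
fi
if ! check_pin "$WORK/proxy.pem"; then
  echo "proxy certificate (same CN, different key): pin mismatch, connection refused"
fi
```

Running the script prints one "pin matches" line for the genuine certificate and one "pin mismatch" line for the proxy's; that mismatch is the behaviour the mitmproxy docs describe, and it is also why their recommended mitigation is to pass pinned hosts through untouched rather than to intercept them.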