frida-interception-and-unpinning icon indicating copy to clipboard operation
frida-interception-and-unpinning copied to clipboard

Published 20 hours ago verified publisher icon httptoolkit

io.moia.neptune: SSLPeerUnverifiedException: Certificate pinning failure!

Open niansa opened this issue 1 year ago • 5 comments

Hi,

I am attempting to intercept the traffic of io.moia.neptune, however, I'm running into this error message:

 !!! --- Unexpected TLS failure --- !!!
      SSLPeerUnverifiedException: Certificate pinning failure!
  Peer certificate chain:
    sha256/WRNosUTmmEybGMgY1sPzXeJQ2oPwpPkpSooKAkz1iik=: O=Mockttp Cert - DO NOT TRUST,L=Unknown,C=XX,CN=remote-logging-app-index.trip.prd.moia-group.io
    sha256/WwZe/T7+bzD2vKjH+r9PEK5+vidkPRTRR4Up4WL4u10=: O=HTTP Toolkit CA,C=XX,CN=HTTP Toolkit CA
  Pinned certificates for remote-logging-app-index.trip.prd.moia-group.io:
    sha256/++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI=
    sha256/f0KW/FtqTjs108NpYj42SrGvOB2PpxIVM8nWxjPqJGE=
    sha256/NqvDJlas/GRcYbcWE8S/IceH9cq77kg0jVhZeAPXq8k=
    sha256/9+ze1cZgR9KO1kZrVDxA4HQ6voHRCSVNz4RdTCx4U8U=
    sha256/KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I=
      Thrown by pm0.h->a
      [+] pm0.h->a (fallback OkHttp patch)
Process terminated

Any idea what that means/how to fix it? To me it sounds like Mockttp Cert - DO NOT TRUST means that the app is explicitly disallowing that certificate.

niansa avatar Dec 20 '23 21:12 niansa