I agree, some times we face issue to bypass by cause of different logic of how the code is written and what function to call. Also would like to thank you and appreciate you for such a simple walk through of the concept and issue.
@rushibhatt42623 жыл бұрын
I love your videos..! They are always so detailed and they always focus on things that you simply cant find in normal iOS tutorials. Keep them coming..! 🎉🎉🙏🏻🙏🏻
@iCode_Happy_Coding3 жыл бұрын
Thanks Rushil 🙂
@VirendraKumar-zf1yg3 жыл бұрын
1. Encrypt and decrypt , request and response using AES, 2. Proxy check 3. SSL pinning 4. Rooted Device check 5. Virtual device check ( if we have implemented pallycon don't neet to check ) These are security for iOS application security
@vaishurao48143 жыл бұрын
I'm preparing for my iOS interviews. This concept been asked couple of times. Thank you for sharing your knowledge !!!
@iCode_Happy_Coding3 жыл бұрын
Yes, this is one of the important interview questions, especially when interviewer wants to ask about the security aspects. Glad that you found the video useful🙂
@heshanlk172 жыл бұрын
Haven't been able to find a better explanation in the whole internet! 👏
@GauravKumar-kb1id2 жыл бұрын
Thanks, you made it simple, I was trying to learn this concept from long back but due to complex explanations I was not able to grab it.👍
@iCode_Happy_Coding2 жыл бұрын
Glad that you found the video helpful 🙂
@MithileshKumar-zm2jb Жыл бұрын
Very good explanation. We have one query. Please clear this. How we are sending a encrypted key to server after successful verification of server certificate with our bundle certificate?
@GopalDevra Жыл бұрын
Pallav, you are very good in Programming and clear about the concepts. Thanks for helping. 🙏🏻
@sagarkadam80362 жыл бұрын
Awesome Bro.. No one has ever explained http to SSL Pinning in such a way till date !!! Keep up the good job.. loads on Love for your video content.. :-) Any pointers or guideline usage for SwiftShield for obfuscation ? per you explanation we got the hang that the function names and variables are given random names so that no one can know what is being used for what.. having more complexity.
@ChandanKumar-dv4ky2 жыл бұрын
Excellent video. Thanks for making the concept clear in a very easy-to-understand way and also through a simple demo.
@sajibghosh1918 Жыл бұрын
Best iOS tutorial video ever seen! 🎉❤
@chandraindia16142 жыл бұрын
Thanks for sharing video. It is awesome. Could you pls explain certificate transparency and which technology to use to avoid security concerns. How bank apps are managing
@RohitPatil_Tech Жыл бұрын
Great video. Explained in a very clear way. Thanks Pallav!
@Cdswjp2 жыл бұрын
I may be mistaken, but I believe your short clip that attempts to describe asymmetric encryption is actually defining end-to-end encryption, which does use asymmetric encryption…. Although asymmetric encryption refers to a private key & public “key pair” (which differs from symmetry encryption), there are multiple ways asymmetric encryption can be implemented (ie. Diffie-Hellman Key exchange). In your short video clip you conveyed that asymmetric encryption is E2EE, which is incorrect. E2EE is 1 great implementation of asymmetric encryption, but asymmetric encryption is not E2EE. Overall, thanks for your videos, honestly. You do a fine job.
@jagdishshinde31023 жыл бұрын
amazing explanation sir.. my question is after this handoff, what next ?? how to handle all the apis... suppose i need the PERSON data then what i need to do???
@arturponomarenko6713 Жыл бұрын
Thank you for the video! Am I the only one who heard the word "Jazz" when the speaker were saying "Charles" 😅
@AlgorithmDecoded Жыл бұрын
MaZA aa gya , dhaga khul gya MITM ka
@followerOfJesus7232 жыл бұрын
Thanks so much. This is the 3rd video that you made that I'm studying. Thanks!!!
@MohiDP2 жыл бұрын
Your posts are always helpful!! Thanks for your efforts. I have a question, is it possible to extract entities like public key and the api keys from the ipa ?? If so, what are the ways to save them in the app safely?
@shubhamkshatriya26092 жыл бұрын
Best explanation i have seen so far. Can you please also make video on how ofuscation is done??
@UK-lp7no3 жыл бұрын
Great video dude, thanks a lot! How about the certificate we keep in our bundle, shall we store it in Keychain for safety? or just add it into our project? Because, attackers might do a reverse engineering and even get access to the certificate we are storing in bundle.
@iCode_Happy_Coding3 жыл бұрын
Definitely. We must put the certificate in Keychain. Thanks for highlighting this 🙂
@unwindarts33772 жыл бұрын
Thank you so much for very clear explanation, the way you explain makes the hard topic which are difficult to understand look easy. Please keep sharing with us awesome videos.
@polu91323 жыл бұрын
Nice to see that you are covering the topics which are not covered by most of the tutors over the internet. Thank You Sir. Lots of love. 🙏
@iCode_Happy_Coding3 жыл бұрын
Thanks Polu 🙂
@GauravKumar-kb1id Жыл бұрын
I need to implement this for one of my projects, that project communicates to multiple domains, will it be possible to do pinning for various domains or can we do it for one and can trust communication for others? I would greatly appreciate how we can achieve this any idea or thought.
@mepolob Жыл бұрын
Hi iCode I have implemented SSL pinning through public key pinning in one of my app. But I'm getting different keys from the server while running the app in the device. Sometimes the public key from the server is matching and sometimes it's not. Can you please tell me what's going wrong here? Thanks in advance.
@himanshugarg39575 ай бұрын
This was really detailed and Helpful Video👍
@vigneshshetty21692 жыл бұрын
Thank you sir ur videos helping me a lot to grow my knowledge because I am a fresher so I am in a begging stage thanks again
@omkamath Жыл бұрын
Can this be done for third party APIs such as Google APIs?
@puneetpal14663 жыл бұрын
Million thanks for such a hot topic with beautiful explanation ✌️✌️
@iCode_Happy_Coding3 жыл бұрын
Thanks Puneet 🙂
@maryjudit63132 жыл бұрын
Clear explanation.. Keep doing more videos💫💥
@followerOfJesus7232 жыл бұрын
Please continue to make informative videos like this. Videos that other people aren't making!
@anweshannu25182 жыл бұрын
Thank you very much Sir. Could you please make Videos on what is DRM, fairplay and widevine etc
@iCode_Happy_Coding2 жыл бұрын
Thanks for the suggestion Anwesh. It's one of my favourite topics and will definitely look for covering it. 🙂
@manojshivhare9372 жыл бұрын
thanks for sharing such informative video with us. may i know is there any paid tool which can intercept API despite having certificate pinning ??? please let me know if anything.
@VirendraKumar-zf1yg3 жыл бұрын
We can add another layer also with SSL pinning , means we can check device is rooted or not if device is rooted we can terminate app.
@timelapse74543 жыл бұрын
Hi, I am trying to implement, Root check/Jailbreak detection I our App, but not able to find any reliable method, can you please share any document or link if you have any. Thanks.
@hotskyakash2 жыл бұрын
Wonderful 🥇 video for complex topic
@neerajverma92262 жыл бұрын
But if we use DNS poisoning we can easily bypass SSL pining, isn't it?
@Rahul-jf5kf2 жыл бұрын
please make video on PKCS12 for security. also make one overview video on what are the ways to implement various levels of security.
@rameshK-yx8nz3 жыл бұрын
Great video...Thanks for the information...may I please know how to achieve obfuscation?
@iCode_Happy_Coding3 жыл бұрын
Thank you Ramesh 🙂. Obfuscation takes a separate set of efforts, and expertise which I’m not aware of. But most of the companies take third party assistance for obfuscation. For example, Guard Square - it provides obfuscation services PS - not a paid promotion 😅
@rogupta1232 жыл бұрын
What prevents the MITM downloading the same certificate as the real webserver. Would this bypass SSL pinning check?
@avinashvardhan62082 жыл бұрын
Do we need to write the didReceiveChallenge method for every new or another web service call?
@vaibhavabajpai98343 жыл бұрын
Thank you so much for clearing my one doubt. Thanks a ton.
@iCode_Happy_Coding3 жыл бұрын
Glad that you found the video helpful 🙂
@shubhamojha43442 жыл бұрын
Kya vaibhava ji bhot padhai kar rahe ho :D
@diegooruna13053 жыл бұрын
I love these iOS security videos. Do more, please!
@iCode_Happy_Coding3 жыл бұрын
Sure Diego. I'll try to cover more topics on the same lines. 🙂
@asherazeem32822 жыл бұрын
In case of ssl pinning hacked. We can also use Safety net implementation or Appattest service. Like, we use captcha in our web app. And we also can implement jail break for rooted device. Thing will be secure. After jail break implementation no one will be able to open app with rooted device.
@ankit_gupta_23_Sept Жыл бұрын
How can we implement dynamic SSL pinning in swift?
@jsmnp072 жыл бұрын
Why policy array not used?
@MrRaveHaven Жыл бұрын
Thanks for the explanation!!
@amirmuhsin2 жыл бұрын
Perfect explanation, dude. Subscribed :D Thanks
@codepro62492 жыл бұрын
SecTrustGetCertificateAtIndex is deprecated in ios 15. any solution?..
@manojpetshali32403 ай бұрын
Nice explanation
@Nisargpatel-g1e Жыл бұрын
loved the explanation , good job
@LifeTravelExplorer2 жыл бұрын
great explained.
@ferrerasalexander11 ай бұрын
Excelente Video
@techsavvy5040 Жыл бұрын
For Public Key pinning, as we are keeping Public Key hard coded in iOS code, that public key need to be same even after SSL certificate renewal. Is that my understanding correct?
@rajanmaheshwari Жыл бұрын
Correct. When you renew your certificate, the public key remains the same. However, if you change the certificate, public key will also change. TrustKit allows you to keep two public keys so if one fails, it can fall back to the other.
@sureshdurishetti5835 Жыл бұрын
What is the good practice to keep/have public hard coded pinning key in Xcode?
@chsjsiwixhsiwidjjcksis56492 жыл бұрын
can we patch smali to bypass certificate pinning ?
@MAHOSSAN12 жыл бұрын
Excellent tutorials . Good explanation
@TheDreadeddevil6 ай бұрын
Great video💯
@akshaykumar-qj2kx3 жыл бұрын
Thanks Pallav. You video is very informative
@iCode_Happy_Coding3 жыл бұрын
Thanks Akshay 🙂
@anandmishra39263 жыл бұрын
Love this Video. Thank You.
@iostutorial5182 жыл бұрын
App in the production if It’s possible to expire the certificate how we could to update it? We need to get the updated certificate through the api?
@chandraindia16142 жыл бұрын
No, you need to update the app with the new certificate and allow users to forcefully update the app. Thanks
@rajanmaheshwari Жыл бұрын
You can build whatever logic you want. You can update the already saved certificate and download it from your custom-made API, save it in the document directory, overwrite the existing one, and then pass the DD path of your local certificate to match the host certificate. Doesn't necessarily always need to update the app. This type of logic only works when you keep your cer in DD path and not in the App bundle. For App bundle, you need to update the app.
@shikhabudhiraja70842 жыл бұрын
What if man in middle have the public key of our server certificate? Since it wont chanve with tym, its more prone to issues like leaking of public keys...please clarify?
@rajanmaheshwari Жыл бұрын
Public Key as the name suggests is public to all. You can extract the public key of any domain. The point is that if that man in the middle tries to intrude, the public key of that intruded host will change and will not match with the public key of your actual domain. The issue is not that the public key is exposed. It's already exposed. To hide the function where you are actually using that key, use obfuscation.
@Shanmugarajeshwaran3 жыл бұрын
I Have followed step, which is given in the medium blog for public key pinning, not working for me. Always getting wrong hash, compared to hash generated from terminal
@iCode_Happy_Coding3 жыл бұрын
I’ll try to cover it in detail.
@Shanmugarajeshwaran3 жыл бұрын
@@iCode_Happy_Coding 😀👍
@pushpabisht48502 жыл бұрын
Superb explanation 👍
@saurabhsierra91953 жыл бұрын
Awesome and knowledge filled as always... Thank you. 💐
@iCode_Happy_Coding3 жыл бұрын
I’m glad that you liked the video. Thanks for your constant support 😊
@saurabhsierra91953 жыл бұрын
@@iCode_Happy_Coding Most Welcome you and your team always...as good content today are less seen .
@pawanmanjani12983 жыл бұрын
Superb man Please keep posting
@iCode_Happy_Coding3 жыл бұрын
Thanks Pawan 🙂
@farooqueazam85793 жыл бұрын
Nice video thank you
@ShikhaRajpootana2 ай бұрын
Sir where is public key pinning!!!
@guidence91513 жыл бұрын
i am waiting for this type of videos thank you
@iCode_Happy_Coding3 жыл бұрын
Thanks Swapnil 🙂
@sainiketan472 жыл бұрын
Good one 👍
@vinaypiplani23733 жыл бұрын
Hi Pallav, Hope you are doing well ! I would request you to please make a video in Hindi language also.
@iCode_Happy_Coding3 жыл бұрын
I try to use a language that is understandable by everyone. I’ll try to add subtitles in Hindi 🙂
@variousd35073 жыл бұрын
I guess that this method is not working on https protocols right?
@iCode_Happy_Coding3 жыл бұрын
It works for HTTPS as well (as I demonstrated in the video). It will not work if SSL pinning would have been done.
@manjeetchoudhary58608 ай бұрын
You are great 😮😮
@bamanstech30063 жыл бұрын
Interesting , thank you for sharing.
@rehanismail70823 жыл бұрын
I like a lot your tutorial 👍.Perfect
@iCode_Happy_Coding3 жыл бұрын
Thanks Rehan 🙂
@brooklyn7853 Жыл бұрын
it doesnt make app secure it just hide app developer and backend problem. allow user to intercept traffic so they can see who is making network calls.
@AnuragKashyap172 жыл бұрын
How to perform obfuscation ???
@AnuragKashyap172 жыл бұрын
Great tutorial btw 💗
@iCode_Happy_Coding2 жыл бұрын
Glad that you liked the video. Generally it is done by using third parties like Guard Square. What they are doing internally is very detailed topic that even I'm not 100% aware of. I'll try to learn and cover it in one of my upcoming videos. Thanks for the suggestion 🙂
@AnuragKashyap172 жыл бұрын
@@iCode_Happy_Coding Thank you for the reply. And it will be awesome if it is coming in future. And the videos are really of very high quality content. Keep up the good work.