We have SSL certificate pinning handled natively using public key pinning approach in the network layer of our application. Recently we tried to bypass the SSL pinning using Frida CLI by loading a script that can be found here https://codeshare.frida.re/@federicodotta/ios13-pinning-bypass/
And we have used the below command to achieve the SSL pinning bypass in the ipa file of our application running in an iPhone,
frida -U -l sslPinningBypassScript.js ExampleApplication
The ssl bypass was succeeding as you can see below
gow@gow-MacBook-Pro Downloads % frida -U -l sslPinningBypass.js ExampleApplication
____
/ _ | Frida 15.1.17 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to iPhone (id=60e237ae0552d5906da9c5203954591e8f16abcde)
Attaching...
[+] Bypass successfully loaded
[iPhone::ExampleApplication ]->
Is there a way to prevent this ssl pinning bypass happening?
Note: This happens only for the ipa file which is installed manually from our machine and we tried the same steps to bypass for the testflight build which didn't succeed.