'HTTPS sniffing/Charles SSL doesn't work on Facebook

Charles SSL works on basically any other app or website except Facebook. I have installed all the certificates on iOS devices, but when sniffing Facebook only, I always get status Failed when method is CONNECT. What is wrong?

iospacket-snifferssniffingcharles-proxy


Solution 1:[1]

Probably using certificate pinning.

Find some info in the comments to the answers here:

How Facebook, SnapChat, or Gmail iOS apps prevent Fiddler decrypting their https traffic?

From a now deleted blog that explains it well:

Certificate Pinning is an extra layer of security that is used by applications to ensure that the certificate provided by the remote server is the one which is expected.

By including the remote server’s x509 certificate or public key within the application, it is possible to compare the locally stored certificate or key with the one provided by the remote server.

Here is some info on how to bypass pinning on iOS

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

Autoshrink setting for UIButton in Storyboard

Find all available images for Image(systemName:) in SwiftUI

Save string to the NSUserDefaults?

UITextField Autocomplete?

iOS Charts - Bar Chart repeating labels on X axis

Debug embedded browser view in native Facebook iOS app

Xcode Import For Localizations Missing Resource in Import error

How long can an iPhone app live in the background?

UIPageViewController swipe ignores SwiftUI's navigationBarHidden(true)

About using Swiftz library issues(Functional programing)

Force AutoFill Save Password dialog programmatically

building for iOS Simulator, but linking in object file built for iOS

ERROR: Runner.xcworkspace does not exist. error implementing google maps

ERROR: Runner.xcworkspace does not exist. error implementing google maps

AutoLayout Equal Heights hides Subviews