├── .gitignore ├── .gitmodules ├── LICENSE.txt ├── README.md ├── SSLKiller.h └── SSLKiller.m /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by http://www.gitignore.io 2 | 3 | ### System ### 4 | .DS_Store 5 | 6 | ### Xcode ### 7 | build/ 8 | *.pbxuser 9 | !default.pbxuser 10 | *.mode1v3 11 | !default.mode1v3 12 | *.mode2v3 13 | !default.mode2v3 14 | *.perspectivev3 15 | !default.perspectivev3 16 | xcuserdata 17 | *.xccheckout 18 | *.moved-aside 19 | DerivedData 20 | *.xcuserstate 21 | 22 | 23 | ### Objective-C ### 24 | # Xcode 25 | # 26 | build/ 27 | *.pbxuser 28 | !default.pbxuser 29 | *.mode1v3 30 | !default.mode1v3 31 | *.mode2v3 32 | !default.mode2v3 33 | *.perspectivev3 34 | !default.perspectivev3 35 | xcuserdata 36 | *.xccheckout 37 | *.moved-aside 38 | DerivedData 39 | *.hmap 40 | *.ipa 41 | *.xcuserstate 42 | 43 | # CocoaPods 44 | # 45 | # We recommend against adding the Pods directory to your .gitignore. However 46 | # you should judge for yourself, the pros and cons are mentioned at: 47 | # http://guides.cocoapods.org/using/using-cocoapods.html#should-i-ignore-the-pods-directory-in-source-control 48 | # 49 | Pods/ 50 | Podfile.lock 51 | 52 | ### AppCode ### 53 | .idea/ 54 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "fishhook"] 2 | path = fishhook 3 | url = https://github.com/facebook/fishhook.git 4 | branch = master 5 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | This is the MIT license: http://www.opensource.org/licenses/mit-license.php 2 | 3 | Copyright 2012 Alban Diquet and contributors 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this 6 | software and associated 
documentation files (the "Software"), to deal in the Software 7 | without restriction, including without limitation the rights to use, copy, modify, merge, 8 | publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons 9 | to whom the Software is furnished to do so, subject to the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included in all copies or 12 | substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 15 | INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 16 | PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE 17 | FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 18 | OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 19 | DEALINGS IN THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ### What is iOS-SSL-KILLER? 2 | 3 | iOS-SSL-KILLER does the same thing as [iOS SSL Kill Switch](https://github.com/iSECPartners/ios-ssl-kill-switch), and its core code comes from `iOS SSL Kill Switch`. 4 | 5 | How `iOS SSL Kill Switch` describes itself: 6 | > Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps 7 | 8 | ### How does it differ from `iOS SSL Kill Switch`? 9 | 10 | `iOS-SSL-KILLER` does not require a jailbroken device; it hooks the SSL-related functions with [fishhook](https://github.com/facebook/fishhook). 11 | 12 | ### How to use? 13 | 14 | Clone the code, build it as part of your dylib project, and inject the dylib into your app! 
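--------------------------------------------------------------------------------
/SSLKiller.h:
--------------------------------------------------------------------------------
//
//  SSLKiller.h
//
//
//  Created by Joey on 16/8/14.
//
//

#import <Foundation/Foundation.h>

/// Declares no methods or properties of its own; the class exists so that its
/// +load implementation in SSLKiller.m has somewhere to live.
@interface SSLKiller : NSObject

@end

--------------------------------------------------------------------------------
/SSLKiller.m:
--------------------------------------------------------------------------------
//
//  SSLKiller.m
//
//
//  Created by Joey on 16/8/14.
//
//

#import "SSLKiller.h"
#import "fishhook.h"

#pragma mark - SSL-related C functions

// Hook SSLSetSessionOption()
// Slot handed to rebind_symbols() to receive the address of the real SSLSetSessionOption().
static OSStatus (*original_SSLSetSessionOption)(
    SSLContextRef context,
    SSLSessionOption option,
    Boolean value);

/**
 * Replacement for SSLSetSessionOption().
 *
 * Requests that touch kSSLSessionOptionBreakOnServerAuth are swallowed and
 * reported as successful, so the value forced in replaced_SSLCreateContext()
 * stays in place no matter what the host app asks for. Every other option is
 * forwarded to the real function unchanged.
 *
 * @param context The Secure Transport session being configured.
 * @param option  The option the caller wants to set.
 * @param value   The requested value for that option.
 * @return noErr for kSSLSessionOptionBreakOnServerAuth, otherwise whatever the
 *         real SSLSetSessionOption() returns.
 */
static OSStatus replaced_SSLSetSessionOption(
    SSLContextRef context,
    SSLSessionOption option,
    Boolean value) {
    // Remove the ability to modify the value of the kSSLSessionOptionBreakOnServerAuth option
    if (option == kSSLSessionOptionBreakOnServerAuth) {
        return noErr;
    }
    return original_SSLSetSessionOption(context, option, value);
}

// Hook SSLCreateContext()
// Slot handed to rebind_symbols() to receive the address of the real SSLCreateContext().
static SSLContextRef (*original_SSLCreateContext)(
    CFAllocatorRef alloc,
    SSLProtocolSide protocolSide,
    SSLConnectionType connectionType);

/**
 * Replacement for SSLCreateContext().
 *
 * Creates the context with the real function, then turns on
 * kSSLSessionOptionBreakOnServerAuth so that the handshake stops with
 * errSSLServerAuthCompleted; replaced_SSLHandshake() relies on that status.
 * The effect is process-wide: every context created through this symbol is
 * altered, not only the connections of one component.
 *
 * @return The context produced by the real SSLCreateContext(), which may be NULL.
 */
static SSLContextRef replaced_SSLCreateContext(
    CFAllocatorRef alloc,
    SSLProtocolSide protocolSide,
    SSLConnectionType connectionType) {
    SSLContextRef sslContext = original_SSLCreateContext(alloc, protocolSide, connectionType);

    // Immediately set the kSSLSessionOptionBreakOnServerAuth option in order to disable cert validation.
    // Guarded: creation can fail, and the SSLSetSessionOption slot is only filled
    // if that symbol was actually rebound; calling through NULL would crash the host.
    if (sslContext != NULL && original_SSLSetSessionOption != NULL) {
        original_SSLSetSessionOption(sslContext, kSSLSessionOptionBreakOnServerAuth, true);
    }
    return sslContext;
}
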
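// Hook SSLHandshake()
// Slot handed to rebind_symbols() to receive the address of the real SSLHandshake().
static OSStatus (*original_SSLHandshake)(SSLContextRef context);

/**
 * Replacement for SSLHandshake().
 *
 * Runs the real handshake. When it pauses with errSSLServerAuthCompleted (the
 * point at which a caller would normally evaluate the server's trust), the
 * handshake is resumed straight away, so no certificate or pinning check made
 * at that point ever runs. Any other status is returned to the caller as-is.
 *
 * @param context The Secure Transport session to handshake.
 * @return The status of the resumed handshake, or the first status when it was
 *         not errSSLServerAuthCompleted.
 */
static OSStatus replaced_SSLHandshake(SSLContextRef context) {
    OSStatus result = original_SSLHandshake(context);

    // Hijack the flow when breaking on server authentication
    if (result == errSSLServerAuthCompleted) {
        // Do not check the cert and call SSLHandshake() again
        return original_SSLHandshake(context);
    }
    return result;
}


#pragma mark - SSLKiller
@implementation SSLKiller

/**
 * Installs the three Secure Transport hooks when the class is loaded.
 *
 * Only the symbols named in the table are rebound (SSLSetSessionOption,
 * SSLCreateContext, SSLHandshake); code that does not call through them is
 * unaffected. The final log line is emitted once per process and is the
 * visible marker that this library is active in it.
 */
+ (void)load {
    struct rebinding rebindings[] = {
        {"SSLSetSessionOption", replaced_SSLSetSessionOption, (void *)&original_SSLSetSessionOption},
        {"SSLCreateContext", replaced_SSLCreateContext, (void *)&original_SSLCreateContext},
        {"SSLHandshake", replaced_SSLHandshake, (void *)&original_SSLHandshake}
    };

    // rebind_symbols() returns non-zero when it could not register the table;
    // do not announce the hooks as active in that case.
    int status = rebind_symbols(rebindings, sizeof(rebindings) / sizeof(rebindings[0]));
    if (status != 0) {
        NSLog(@"SSLKiller: rebind_symbols() failed (%d); hooks not installed", status);
        return;
    }

    // NOTE(review): the wording is broader than the effect. The hooks skip server
    // certificate validation; the handshake itself is still performed.
    NSLog(@"============= SSL is disabled ===========");
}

@end
--------------------------------------------------------------------------------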