September 21, 2022 at 4:09 PM
Hello everybody,

This is a step-by-step guide on how to implement SSL/TLS certificate pinning in Android, as far as I know:

[b]TrustManager[/b]

1. Add your certificate file to the app resources under
[quote]/res/raw[/quote]

2. Load a KeyStore with the certificate file from resources (as an InputStream). The raw file is a certificate, not a keystore, so it is parsed with a CertificateFactory and added to an empty KeyStore as a trusted entry.
[quote]val resourceStream = resources.openRawResource(R.raw.demo_cert)
val certificateFactory = CertificateFactory.getInstance("X.509")
val certificate = resourceStream.use { certificateFactory.generateCertificate(it) }
val keyStoreType = KeyStore.getDefaultType()
val keyStore = KeyStore.getInstance(keyStoreType)
keyStore.load(null, null) // start from an empty keystore
keyStore.setCertificateEntry("ca", certificate) // trust only this certificate[/quote]

3. Get a TrustManagerFactory and initialise it with the KeyStore.
[quote]val trustManagerAlgorithm = TrustManagerFactory.getDefaultAlgorithm()
val trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm)
trustManagerFactory.init(keyStore)[/quote]

4. Get an instance of SSLContext, initialise it with the TrustManagers, and use its socket factory on an HTTPS URL connection.
[quote]val sslContext = SSLContext.getInstance("TLS")
sslContext.init(null, trustManagerFactory.trustManagers, null)
val url = URL("https://www.example.com/") // must be https, otherwise the cast below fails
val urlConnection = url.openConnection() as HttpsURLConnection
urlConnection.sslSocketFactory = sslContext.socketFactory[/quote]

As you can see, the solution presented above is quite complex. It also requires handling several elements of the framework API directly, which means the implementation happens at a fairly low level. This can lead to bugs, but keep calm: there is a simpler way to handle certificate pinning.

[b]OkHttp and CertificatePinner[/b]

Personally, I prefer to inject such keys during the build process, using the buildConfigField method. It's more flexible and safer than keeping the keys in the repository. Then you need to build an OkHttpClient instance with the CertificatePinner. Here's how to do it:
[quote]val certificatePinner = CertificatePinner.Builder()
    .add("www.example.com", "sha256/ZC3lTYTDBJQVf1P2V7+fibTqbIsWNR/X7CWNVW+CEEA=")
    .build()
val okHttpClient = OkHttpClient.Builder()
    .certificatePinner(certificatePinner)
    .build()[/quote]

You can add multiple fingerprints for different domains. Multiple fingerprints also make your app more flexible: you can add all fingerprints from the certification path, and you can add additional fingerprints ahead of time if the current certificates are going to expire soon. Fingerprints can be retrieved directly from the certificate. You can also import the certificate file into the resources folder, as in the TrustManager case; this time you need to write a class yourself that extracts the fingerprint from the file, or use a peer certificate extractor to do that for you.

[b]Network Security Configuration[/b]

To enable the configuration, you need to bind a configuration file to the Manifest. To bind it, use the networkSecurityConfig attribute on the application tag. Here is a short snippet showing how to handle it:

1. Create a network security config file under
[quote]res/xml/network_security_config.xml[/quote]

2. Add the android:networkSecurityConfig attribute to the application tag.
[quote]<application android:networkSecurityConfig="@xml/network_security_config" ...>[/quote]
The config file declares the domain and its pins (the pin value is the base64 SHA-256 of the SubjectPublicKeyInfo, the same value as in the OkHttp example, without the "sha256/" prefix):
[quote]<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <pin-set>
            <pin digest="SHA-256">ZC3lTYTDBJQVf1P2V7+fibTqbIsWNR/X7CWNVW+CEEA=</pin>
            <pin digest="SHA-256">GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=</pin>
        </pin-set>
    </domain-config>
</network-security-config>[/quote]

As you can see, this method is extremely easy to implement. However, keep in mind that it's only available for API level 24 or higher. For lower levels, you can use a backported version of NSC.

It does not matter which implementation method you use, but always remember that Android certificate pinning is obligatory. It is the only way to provide truly secure networking, which is why OWASP Mobile recommends certificate pinning as the most effective protection against MiTM attacks.

Thanks. Should I share how to do MiTM attacks?
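Added example (my own code, not from the post above): it computes the "sha256/" SPKI pins that CertificatePinner and the NSC pin-set expect from a certificate file, so the values need not be copied by hand, and builds an OkHttp 4 client pinned to the whole chain plus a backup pin, failing closed on a mismatch. The host www.example.com comes from the post; the function names and the backup-pin parameter are my choices.

```kotlin
import java.io.InputStream
import java.security.MessageDigest
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import java.util.Base64
import javax.net.ssl.SSLPeerUnverifiedException
import okhttp3.CertificatePinner
import okhttp3.OkHttpClient
import okhttp3.Request

// OkHttp's "sha256/..." pin is the SHA-256 of the DER-encoded SubjectPublicKeyInfo,
// base64-encoded. PublicKey.encoded is exactly that "X.509" SPKI encoding.
// The NSC <pin digest="SHA-256"> element takes the same value without the prefix.
fun spkiPin(cert: X509Certificate): String {
    val spkiDer = cert.publicKey.encoded
    val digest = MessageDigest.getInstance("SHA-256").digest(spkiDer)
    return "sha256/" + Base64.getEncoder().encodeToString(digest) // java.util.Base64: API 26+
}

// Reads every certificate in a PEM or DER file (e.g. an exported chain from res/raw)
// and returns (subject, pin) pairs, so the pin for each level of the path is known.
fun pinsFromCertFile(stream: InputStream): List<Pair<String, String>> {
    val factory = CertificateFactory.getInstance("X.509")
    return factory.generateCertificates(stream)
        .filterIsInstance<X509Certificate>()
        .map { it.subjectX500Principal.name to spkiPin(it) }
}

// Pins every key in the chain plus a backup pin for the next certificate.
// Pinning passes if ANY listed pin matches ANY certificate in the validated chain,
// so the backup pin is inert until the certificate is rotated to that key.
fun pinnedClient(host: String, chainPins: List<String>, backupPin: String): OkHttpClient {
    val builder = CertificatePinner.Builder()
    (chainPins + backupPin).forEach { pin -> builder.add(host, pin) }
    return OkHttpClient.Builder().certificatePinner(builder.build()).build()
}

// A pin mismatch surfaces as SSLPeerUnverifiedException before any request body is
// sent. OkHttp's message lists the peer's actual pins, which helps distinguish a
// rotated certificate from an interception attempt. Never fall back to an unpinned client.
fun fetchPinned(client: OkHttpClient, url: String): String? = try {
    client.newCall(Request.Builder().url(url).build()).execute().use { it.body?.string() }
} catch (e: SSLPeerUnverifiedException) {
    println("Pin mismatch for $url: ${e.message}")
    null
}
```

On Android the stream would come from resources.openRawResource(R.raw.demo_cert) as in the post; during the build, the pin strings can be passed in via buildConfigField instead of being hard-coded.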
