This is a comprehensive playbook for bypassing SSL certificate pinning when pentesting mobile apps on Android and iOS. It covers the full stack: Frida hooks for TrustManager, OkHttp, and Conscrypt, one-liner Objection commands, network security config patching, Xposed modules, and framework-specific bypasses for React Native, Flutter, and Xamarin. The Frida script alone handles about eight different pinning implementations including modern OkHttp 4.x variants. Useful when you need to intercept HTTPS traffic from a mobile app and Burp shows nothing because the app won't trust your proxy certificate. The skill includes the actual JavaScript and smali-level details that base models usually hallucinate incorrectly.
npx skills add https://github.com/yaklang/hack-skills --skill mobile-ssl-pinning-bypass