This document outlines the security policies, educational disclaimers, and reporting procedures for the Facebook-SSL-Pinning-Bypass repository.
The content, scripts, and documentation in this repository are provided strictly for educational purposes, security analysis, personal learning, and academic research.
- Focus on Mobile Security: This project aims to demonstrate how SSL pinning works on mobile devices and how security researchers can analyze transport-layer communications in a local, controlled environment.
- No Malicious Intent: This repository does not encourage, facilitate, or promote unauthorized access, data theft, or any actions that disrupt the integrity of Facebook's services.
- Authorized Testing Only: Users of this information are responsible for ensuring that they only intercept traffic on devices and accounts they own, or where they have explicit, written consent from the relevant parties.
- Compliance with Terms of Service: Users should be aware that modifying application packages or intercepting application traffic may violate the application provider's (Meta/Facebook) Terms of Service. It is the user's responsibility to understand and comply with these policies.
When analyzing application traffic in a local sandbox or emulator, you should follow standard safety guidelines to avoid compromising your testing environment:
- Use Isolated Environments: Always perform traffic interception in a dedicated Android emulator or a separate test device. Do not use your personal, daily-driver device.
- Use Test Accounts: Never use active personal accounts. Create and use dedicated test accounts to prevent potential session hijacking or account flags.
- Manage Trusted Credentials: After completing your traffic analysis, immediately remove any custom Root CA certificates installed on the device's trust store to prevent potential interception by unauthorized networks in the future.
If you identify a security issue, have concerns regarding the contents of this repository, or wish to report a vulnerability, please contact the maintainer directly.
Please send your reports or inquiries to:
- Primary Email: shahmakhdumshajon@gmail.com
- Telegram Contact: https://t.me/SHAJON
We request that you contact us privately using the details above rather than opening public GitHub issues or discussions.