JustTrustMePro is an Xposed module that allows Android applications to bypass SSL certificate validation. This tool is particularly useful for security researchers, developers performing app analysis, and for debugging encrypted traffic in development environments.
- Bypasses SSL certificate pinning mechanisms in Android applications
- Works with various HTTP libraries including OkHttp, Apache HTTP, and Android's native implementations
- Hooks into WebView and other secure connection methods
- Compatible with modern Android versions
- Minimal impact on application performance
- A rooted Android device
- Xposed Framework (or alternatives like LSPosed/EdXposed) installed and working
- Download the latest APK from the Releases section
- Install the APK on your device
- Enable the module in Xposed Installer (or equivalent)
- Reboot your device
- Select target apps in the module settings (if available)
- Clone the repository:
git clone https://github.com/hang666/JustTrustMePro.git - Open the project in Android Studio
- Sync the Gradle files
- Build using:
./gradlew assembleDebug - Find the compiled APK in
app/build/outputs/apk/debug/
After installation and configuration:
- Start the target application
- The module will automatically hook into the SSL validation process
- Certificate validation will be bypassed, allowing you to inspect encrypted traffic using tools like mitmproxy
JustTrustMePro is intended solely for security research, application development, and debugging purposes. Users are responsible for ensuring they comply with all applicable laws and regulations when using this tool.
The developers assume no liability for any misuse of this software. Use at your own risk and only on applications you own or have permission to test.