Clear Certificate Pinning
Some apps use certificate pinning: the moment a proxy is on, they simply cannot connect. Clearing certificate pinning makes them pause this check and trust the proxy certificate, so they can connect normally and be captured and decrypted.
1. What it solves
Section titled “1. What it solves”- An app with certificate pinning loses network access during proxy capture, because it only trusts its own built-in certificate and does not accept the proxy’s certificate.
- Select that app and pause its certificate pinning, and it can access the network normally, so its HTTPS can be routed through the proxy and decrypted.
Important: clearing pinning is not the same as reading plaintext. It only makes the app “willing to trust the proxy certificate”; it does not decrypt content itself, decryption is still done by the proxy. If what you want is to “read plaintext directly from inside the program”, that is a different matter, see App-Layer Capture on This Machine.
2. Supported targets
Section titled “2. Supported targets”Three target types, each operated on its own tab:
- Machine programs: list local processes, with multi-select and filtering by name or PID.
- iOS apps: select a device, then list apps (apps that need re-signing with a development certificate), or enter a bundle id manually.
- Android apps: select a device (must be rooted), then list apps, or enter a package name / process name / PID manually.
Two switches
Section titled “Two switches”- Automatically handle child processes (machine): some applications send and receive network requests from child processes, so handling them together avoids missed captures.
- Restart target: restart the app first, then process it, to cover requests early in its startup.

3. Coverage and honest boundaries
Section titled “3. Coverage and honest boundaries”- Covered: the certificate pinning methods of the vast majority of mainstream apps, including common native cryptographic components of various kinds, and pinning frameworks common on Android.
- Real-time feedback on results: on success it tells you how many targets / processes were handled; if an app uses an uncommon network component that is not yet supported, it says so clearly rather than leaving you waiting.
- A few cases don’t apply: programs written in Go or Rust, or desktop Java programs, usually are not suited to clearing pinning; if they read the system certificate, just install the certificate into the system / their trust store, with no need to clear pinning.
4. When to use
Section titled “4. When to use”- When a captured app uses certificate pinning and loses network access the moment a proxy is on, select it and clear pinning within the proxy session.
- To capture requests early in an app’s startup: check “Restart target”.
- Multi-process desktop applications: keep “Automatically handle child processes” on.
Back to Proxy Capture · Related: Certificate Management and Installation · App-Layer Capture on This Machine