Social network Facebook has implemented a means for security researchers to analyze network traffic on Facebook, Messenger & Instagram Android applications on their own accounts for bug bounty purposes. FB has further advised developers to turn off these settings while not testing FB Websites for security vulnerabilities.
FB’s Certificate Pinning protects traffic coming from FB Sites. According to Facebook, when security researchers turn on the “Whitehat Settings” option, it will intentionally break its Certificate Pinning mechanism for that account, so the researcher can intercept, sniff, & analyze the traffic that originates from within.
More information and technical details about this feature and how to use it can be found here.
Image & Source Credit: FB
