通过添加SSL Pinning来保护您的Flutter应用

[

Dwi Randy Herdinanto

](https://dwirandyh.medium.com/?source=post_page-----474722e38518--------------------------------)

·

Follow

关注

Outline

大纲

Introduction
Introduction
Setting up a Flutter project
设置一个Flutter项目
Import Certificate from Website
从网站导入证书
Adding SSL Pinning to Project
将SSL Pinning添加到项目中
Testing SSL Pinning Implementation
测试SSL Pinning实现
Summary
摘要

Introduction

介绍

When using HTTPS, the server automatically creates a certificate and sends it to the app. However, the app will accept any certificate it receives, making it vulnerable to a man-in-the-middle attack (MITM) where a hacker intercepts the client-server connection and adds some bad certificates that can lead to data breaching and leakage of private user information. This can be a security concern.

在使用HTTPS时，服务器会自动创建证书并将其发送给应用程序。然而，应用程序会接受任何收到的证书，这使其容易受到中间人攻击（MITM）。中间人攻击是指黑客拦截客户端与服务器之间的连接，并添加一些恶意证书，可能导致数据泄露和私人用户信息的泄露。这可能是一个安全问题。

SSL Pinning will create trustable SSL certificate connection between the server and the client. This way, an additional validation is in place to check whether the certificate stored in the application is the same as the one used by the server. If the certificate does not match, the application can reject it.

SSL Pinning将在服务器和客户端之间创建可信的SSL证书连接。这样，就会进行额外的验证，检查应用程序中存储的证书是否与服务器使用的证书相同。如果证书不匹配，应用程序可以拒绝它。

Limitation

限制

An SSL certificate has an expiration date and must be renewed regularly. So we have to update the app with every new certificate, even if there is no change in the our application.

SSL证书有一个过期日期，必须定期更新。因此，即使我们的应用程序没有任何变化，我们也必须使用每个新的证书来更新应用程序。

If you want to learn more about TLS/SSL Pinning, i recommend you to watch this video

如果您想了解更多关于TLS/SSL Pinning的信息，我建议您观看这个视频

Setting up a Flutter project

设置一个Flutter项目

For this tutorial we will create an simple application that fetch data from https://newsapi.org/

在本教程中，我们将创建一个简单的应用程序，从https://newsapi.org/获取数据

Create an simple http request to fetch news from web service

创建一个简单的HTTP请求来从Web服务获取新闻

Step 1 Cr...