Find sites that have pinned certificates so you can decide
whether to allow the traffic by excluding it from decryption.
Certificate pinning forces the client application
to validate the server’s certificate against a known copy to ensure
that certificate really comes from the server. The intent of pinned
certificates is to protect against
man-in-the-middle (MITM) attacks
where a device between the client and the server replaces the server
certificate with another certificate.
Although this prevents
malicious actors from intercepting and manipulating connections,
it also prevents
forward proxy decryption because
the firewall creates an impersonation certificate instead of the
server certificate to present to the client. Instead of one session
that connects the client and server directly, forward proxy creates
two sessions, one between the client and the firewall and another
between the firewall and the server. This establishes trust with
the client so that the firewall can decrypt and inspect the traffic.
However,
when a certificate is pinned, the firewall cannot decrypt the traffic because
the client does not accept the firewall’s impersonation certificate—the
client only accepts the certificate that is pinned to the application.