Add missing tests for certificate pinning

[titze]

The remaining tests according to the sections we defined in 0x05g need to be added

Test 1

Static test for the custom Trust Manager case. Does the app use this approach and if it does, is it correct? For example: uses a Trust Manager that does nothing and therefore trusts everything.

Test 2

Dynamic test that uses Frida e.g. via objection via MASTG-TECH-0012 to "try to bypass" pinning. This will reveal what mechanisms are actually in place. This helps confirm how/where pinning is implemented and then be able to statically analyze those locations.

There are caveats of course as the original test indicates but it's useful.

---

(Followup to #3035)

[aakarshgopishetty]

Hi @titze,

I would love to contribute to this issue as part of my open-source journey and GSoC 2025 preparation. I have experience in cybersecurity and programming (Python, Java) and am eager to learn more about certificate pinning tests.

Before I start, I wanted to confirm:

1. Are there any specific guidelines or formats to follow for these tests?
2. Should I refer to existing tests for structure?
3. Is anyone else already working on this, or can I take it up?

Looking forward to your response! Thanks. 🚀

[cpholguera]

Hi @aakarshgopishetty, we cannot assign you any more issues until the ones you have assigned are closed after the corresponding pull requests have been successfully merged. Please check back once your PRs are merged and we can assign it to you if it's still unassigned. Thank you very much!