How to Enable Facebook White Hat Researcher Setting

white hat settings
Spread the love

How to Enable Facebook White Hat Researcher Setting


Facebook have implemented a white hat secuirty testing setting that allows its users to test security over various Facebook services.


Facebook will knowingly break its Certificate Pinning mechanism for its users that use white hat settings. Pinning is used to improve security of a website that uses SSL. Pinning allows websites to allow or disallow a user by searching for a specific cryptographic identity. SSL Certificate Pinning techniques are often used to defend against sniffing attacks.


Whitehat Settings can be enabled by going to Facebook’s main app however Facebook Messenger instant messaging client and Instagram app is only supported for Android.


Facebook White hat settings has built-in proxy for that can be used for API interactions. Facebook White Hat settings have included a feature that can disable TLS 1.3 support.


To enable Facebook White Hat researcher settings go to


white hat settings
Image shows Facebook White Hat Researcher settings.


Once white hat researcher settings are enabled, a Whitehat Settings button will show up in each of the applications selected.

From the white hat researcher settings we can enable user installed CAs for your Facebook account and Facebook white hat test account.


Facebook Android App White Hat Settings can be found under Settings & Privacy.


Facebook Messenger App White Hat Settings can be found by clicking on your display picture and scrolling down to Internal.


facebook messenger


It’s easy and best practice to turn White Hat Researcher settings off when we are not testing any Facebook applications.


Further instructions can be found at Facebook Help Page.


If you have found a spelling error, please, notify us by selecting that text and pressing Ctrl+Enter.

yoast seo premium free

Spelling error report

The following text will be sent to our editors: