How to Enable Facebook White Hat Researcher Setting
Facebook has implemented a white hat security testing setting that allows its users to test the security of various Facebook services.
Facebook will knowingly break its certificate pinning mechanism for users who enable the white hat settings. Pinning is used to improve the security of a service that uses SSL/TLS. With pinning, the client accepts only a specific cryptographic identity (a pinned certificate or public key) for a host and rejects any other certificate, even one issued by a CA the device otherwise trusts. SSL certificate pinning is often used to defend against sniffing and interception attacks.
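The pin check described above, as an added illustration that is not code from Facebook or the original post: a client computes a pin from the server key's SubjectPublicKeyInfo (SPKI) and compares it against the pinned set, so a certificate from a user-installed interception CA is rejected unless the white hat mode bypasses the check. The SPKI byte strings are constructed placeholders, not real keys.

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs (not real keys).
# A real client takes these from the certificate chain presented in the TLS handshake.
PINNED_SPKI_DER = b"constructed-spki-of-the-expected-server-key"
PROXY_SPKI_DER = b"constructed-spki-of-a-user-installed-ca-issued-key"


def spki_pin(spki_der: bytes) -> str:
    """Pin in the HPKP / Android network_security_config style: base64(SHA-256(SPKI))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def check_pin(presented_spki_der: bytes, pinned_pins: set[str], whitehat_mode: bool) -> tuple[bool, str]:
    """Decide whether a TLS connection may proceed after normal chain validation.

    Returns (accepted, reason). A certificate can be trusted by the OS (for example
    because it chains to a user-installed CA) and still fail here, because the key
    it carries is not one of the pinned keys. Hypothetical whitehat_mode models the
    researcher setting that disables pinning on purpose.
    """
    if whitehat_mode:
        return True, "pinning bypassed: white hat researcher mode enabled"
    pin = spki_pin(presented_spki_der)
    if pin in pinned_pins:
        return True, "pin match"
    return False, f"pin mismatch: {pin} not in pinned set"


PINNED = {spki_pin(PINNED_SPKI_DER)}

if __name__ == "__main__":
    for label, spki in (("expected server key", PINNED_SPKI_DER), ("proxy-issued key", PROXY_SPKI_DER)):
        for mode in (False, True):
            ok, why = check_pin(spki, PINNED, mode)
            print(f"{label:20} whitehat={str(mode):5} -> {'ACCEPT' if ok else 'REJECT'} ({why})")
```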
Whitehat Settings are enabled from Facebook's main app; however, the Facebook Messenger instant messaging client and the Instagram app are only supported on Android.
Facebook White Hat settings include a built-in proxy that can be used for API interactions. They also include a feature that can disable TLS 1.3 support.
To enable Facebook White Hat researcher settings, go to
Once white hat researcher settings are enabled, a Whitehat Settings button will show up in each of the applications selected.
From the white hat researcher settings you can enable user-installed CAs for your Facebook account and your Facebook white hat test account.
Facebook Android App White Hat Settings can be found under Settings & Privacy.
Facebook Messenger App White Hat Settings can be found by clicking on your display picture and scrolling down to Internal.
It is easy, and best practice, to turn White Hat Researcher settings off when you are not testing any Facebook application.
Further instructions can be found on the Facebook Help page.