I don't even attempt to circumvent SSL pinning. IMO it's easier and safer to use Cydia substrate to decorate the networking classes to print args and return values to the console. I've reversed a few APIs in this way, including a bank's.
> From a penetration testing perspective, this may cause practical problems<p>I was super confused what they were talking about, until I remembered that "penetration testing" really just means "penetration", not "testing", it's just a euphemism for "attacking". I think?