
I have done exactly the same thing for Desktop/Android apps using Frida (modified from https://github.com/google/ssl_logger). There are modules out there that dump SSLKEYLOG too (that can be used in Wireshark).


With iOS I’ve used the keylog strategy and it is very effective. iOS uses BoringSSL and the library calls a function to log the secret, but this function never does anything normally. However, you can either trampoline this function to log the secret or modify the SSL context to add your own logger function. This is all public knowledge and you can find Frida scripts that will dump the TLS secrets.


And this can be used to defeat certificate pinning?


I just realized you would just be sniffing the data unencrypted rather than setting up any proxy or root cert, so this question doesn't make sense.
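The key logs mentioned in this thread are text files in the NSS key log format that Wireshark reads: one `LABEL client_random secret` line per secret. As an added example (not part of any comment above), this Python script audits such a file and reports which sessions it covers using only labels and lengths, never the secrets; `parse_keylog`, `summarize` and the `SAMPLE` data are names and values made up for this illustration.

```python
import re
from collections import defaultdict

TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET", "EARLY_EXPORTER_SECRET",
}
# The two labels that carry the TLS 1.3 application-data traffic secrets.
APP_DATA = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")

# Constructed sample: repeated bytes, not real key material.
SAMPLE = "\n".join([
    "# constructed key log for the example",
    f"CLIENT_RANDOM {'11' * 32} {'aa' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {'22' * 32} {'bb' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {'22' * 32} {'bb' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {'22' * 32} {'cc' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {'22' * 32} {'dd' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {'33' * 32} {'ee' * 32}",
    f"CLIENT_RANDOM {'44' * 32} {'ff' * 10}",  # truncated secret
])

def parse_keylog(text):
    """Return ({client_random: {label: secret_bytes}}, [rejected line numbers])."""
    sessions, rejected = defaultdict(dict), []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        label, rand, secret = m.groups() if m else ("", "", "")
        # client_random is 32 bytes; a TLS 1.2 master secret is 48 bytes;
        # TLS 1.3 secrets are one hash output long (32 or 48 bytes).
        valid = len(rand) == 64 and (
            (label == "CLIENT_RANDOM" and len(secret) == 96)
            or (label in TLS13_LABELS and len(secret) in (64, 96)))
        if valid:
            sessions[rand.lower()][label] = len(secret) // 2
        else:
            rejected.append(no)
    return dict(sessions), rejected

def summarize(sessions):
    """Classify each session by which secrets were logged for it."""
    out = {}
    for rand, labels in sessions.items():
        if "CLIENT_RANDOM" in labels:
            out[rand] = "TLS<=1.2: master secret present"
        elif APP_DATA.issubset(labels):
            out[rand] = "TLS1.3: application traffic secrets present"
        else:
            out[rand] = "TLS1.3: incomplete"
    return out
```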