<p>Sounds like the same way Fiddler works on the desktop. It is an MITM attack, but one you consent to, and one you have to put effort into achieving. <br></p>
<p>On Aug 8, 2012 6:13 PM, "Mike Cardwell" wrote:<br>
><br>
> On 08/08/12 16:54, Martin wrote:<br>
><br>
> > Folks,<br>
> ><br>
> > What's to stop this making a fool of all self-signed<br>
> > certificates?...<br>
> ><br>
> ><br>
> > New Burp Proxy cracks Android SSL<br>
> > <a href="http://www.h-online.com/security/news/item/New-Burp-Proxy-cracks-Android-SSL-1663112.html">http://www.h-online.com/security/news/item/New-Burp-Proxy-cracks-Android-SSL-1663112.html</a><br>
><br>
> My understanding is that you have to install the same CA that Burp<br>
> Proxy uses, onto the phone. So any certs that Burp Proxy dynamically<br>
> generates are signed using that trusted CA.</p>