[Nottingham] New Burp Proxy cracks Android SSL

Mike Cardwell nlug at lists.grepular.com
Wed Aug 8 17:11:38 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 08/08/12 16:54, Martin wrote:

> Folks,
> 
> To what's to stop this making a fool of all self-signed 
> certificates?...
> 
> 
> New Burp Proxy cracks Android SSL 
> http://www.h-online.com/security/news/item/New-Burp-Proxy-cracks-Android-SSL-1663112.html

My
> 
understanding is that you have to install the same CA that Burp
Proxy uses, onto the phone. So any certs that Burp Proxy dynamically
generates are signed using that trusted CA.

- -- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4
-----BEGIN PGP SIGNATURE-----

iQGGBAEBCgBwBQJQIp48MBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu
Z0BwZ3AuY29tcGdwbWltZTgUgAAAAAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt
aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBM4QB/9dqp9POikX
bfeUpuVecHH69nf3SrfBKi4MCib3x81lF3TRF0HZHB30pfO0yHTXY/Od585Qmpxa
BvW7gjGGlnh5Jvr+jmQ4qucrdbsWWFsNxdRLb5+MdrqAgykCbrkHcz+89cmvaNwT
cuWQnDfPDMknaH8ulPo2h2CIHsKLf/PCPEY0LNQRIzS0xxV5mePrd7p0dzTy/ips
qn6mQpuQXlC8XmLjdj26jQOqObsPNMNzDllUdsKNxXwvmCZGwKD8f8rx7zv/mFaI
wfYoUmvssgIOMPK3bLO27aS+37lxZZ3R156c9AP/FuqT5vGBs0U9gwO45yABJflx
tqnkkT3X5Ciq
=Xinv
-----END PGP SIGNATURE-----



More information about the Nottingham mailing list