[Nottingham] New Burp Proxy cracks Android SSL

Dan Caseley dan at caseley.me.uk
Sat Aug 11 09:53:56 UTC 2012


Sounds like the same way Fiddler works on the desktop. It is an MITM
attack, but one you consent to, and one you have to put effort into
achieving.

On Aug 8, 2012 6:13 PM, "Mike Cardwell" wrote:
>
> On 08/08/12 16:54, Martin wrote:
>
> > Folks,
> >
> > To what's to stop this making a fool of all self-signed
> > certificates?...
> >
> >
> > New Burp Proxy cracks Android SSL
> >
http://www.h-online.com/security/news/item/New-Burp-Proxy-cracks-Android-SSL-1663112.html
>
> My
> >
> understanding is that you have to install the same CA that Burp
> Proxy uses, onto the phone. So any certs that Burp Proxy dynamically
> generates are signed using that trusted CA.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20120811/21f8080d/attachment.htm>


More information about the Nottingham mailing list