One way ssl and mitm

mproxy · August 29, 2019, 5:39pm

There are thousands of devices connecting to a server in the cloud with one way SSL where cloud has CA signed cert installed.

Assuming device does proper SSL cert validation when connecting to the server and fails the connection if there is validation failure, Is it possible to still perform MiTM to inspect (possible modify) the SSL traffic? If Yes, how?

FranklinYu · August 30, 2019, 1:52pm

For first question, if the device only verifies certificate normally like it should, then you can install the root certificate of MITM proxy to the trust store of the device. Note that this only works for Android 6 or below.

Topic		Replies	Views
HTTPS Sniffing on Android (Certificate Pinning)	4	14174	January 31, 2018
[Mitmproxy] Android Apps help	1	931	November 29, 2017
Use mitmproxy to add cert pinning to an app help	1	1390	May 30, 2018
Plugin for testing SSL certificate MITM attacks help	3	905	May 17, 2018
IP address as interception certificate's CN help	1	849	May 30, 2017

One way ssl and mitm

Related Topics