mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-03 01:03:34 +08:00
22 lines
743 B
YAML
22 lines
743 B
YAML
id: android-user-certificates-trust
|
|
|
|
info:
|
|
name: Android Trusts User Certificates
|
|
author: Th3l0newolf
|
|
severity: medium
|
|
description: |
|
|
The application is configured to trust user-added certificates, which may allow an attacker to perform MITM attacks.
|
|
reference:
|
|
- https://developer.android.com/training/articles/security-config#TrustingUserCerts
|
|
tags: file,android
|
|
|
|
file:
|
|
- extensions:
|
|
- xml
|
|
|
|
matchers:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- '<certificates[^>]*\bsrc\s*=\s*"user"[^>]*/?>'
|
|
# digest: 4b0a00483046022100c49354d00cb21a14592d95fd090b3eab3db68873ef1922c543ab32e9098ca43c022100ce6675e4885679631dbf292c42c4f1de0964472b2d3fc7312744f1956962f867:922c64590222798bb761d5b6d8e72950 |