[
https://issues.apache.org/jira/browse/CB-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Niek Heezemans updated CB-9014:
-------------------------------
Affects Version/s: 5.0.0
Fix Version/s: 5.0.0
> Man In The Middle Attack - SSL Connection - Jquery - Burp Suite
> ---------------------------------------------------------------
>
> Key: CB-9014
> URL: https://issues.apache.org/jira/browse/CB-9014
> Project: Apache Cordova
> Issue Type: Bug
> Components: CordovaLib, iOS
> Affects Versions: 3.8.0, 5.0.0
> Environment: iPhone5s - iOS 8.3 / iPad4 iOS8.3
> Reporter: Niek Heezemans
> Labels: security
> Fix For: 3.8.0, 5.0.0
>
>
> I manually added a Proxy (Burp Suite) to my Wifi Connection and let my App
> connect to a server with a valid SSL certificate threw a jQuery Ajax call.
> Burp generates its own CA certificate (Self Signed) but this is not detected
> by Cordova.
> I can read all the Requests and Responses to and from my secure server within
> Burp.
> This happens on both Debug as well as on the Enterprise Signed IPA.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
