Android Trusts User Certificates

ID: android-user-certificates-trust

Severity: medium

Author: Th3l0newolf

Tags: file,android

Description

The application is configured to trust user-added certificates, which may allow an attacker to perform MITM attacks.

YAML Source

id: android-user-certificates-trust

info:
  name: Android Trusts User Certificates
  author: Th3l0newolf
  severity: medium
  description: |
    The application is configured to trust user-added certificates, which may allow an attacker to perform MITM attacks.
  reference:
    - https://developer.android.com/training/articles/security-config#TrustingUserCerts
  tags: file,android

file:
  - extensions:
      - xml

    matchers:
      - type: regex
        part: body
        regex:
          - '<certificates[^>]*\bsrc\s*=\s*"user"[^>]*/?>'
# digest: 4b0a00483046022100c49354d00cb21a14592d95fd090b3eab3db68873ef1922c543ab32e9098ca43c022100ce6675e4885679631dbf292c42c4f1de0964472b2d3fc7312744f1956962f867:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "file/android/android-user-certificates-trust.yaml"

View on Github