Lack of SSL Certificate Validation
The WebView class com.insecureshop.util.CustomWebViewClient contains the following code:
The code overrides the SSL error handler and proceeds with the attacker-provided certificate. This makes the app vulnerable to MITM attacks.
This means that any HTTPS website loaded within the WebView can be intercepted by an attacker on the same network.
The attack scenario works as follows:
The easiest way to check for this misconfiguration is to remove the Burp CA certificate from the mobile device and check whether you can still intercept HTTPS traffic. If you can, the application failed to validate the SSL certificate.
You can also use the Nuclei template certificate-validation.yaml on a decompiled Android app to identify this misconfiguration.
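To show what a static check for this pattern looks for, here is an added example (not the Nuclei template and not InsecureShop's code) that flags Android `onReceivedSslError` overrides calling `proceed()` with no `cancel()` path. It assumes the app was decompiled to Java or Kotlin source; the function names and the sample input are constructed for illustration.

```python
import re

# Declarations only: the lookbehind skips calls such as super.onReceivedSslError(...).
METHOD_RE = re.compile(r"(?<![.\w])onReceivedSslError\s*\(")
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def _method_body(src, start):
    """Return the brace-balanced body following the signature at `start`."""
    open_idx = src.find("{", start)
    if open_idx == -1:
        return ""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]  # truncated file: use what is there

def find_ssl_error_overrides(src):
    """Classify each onReceivedSslError override in one decompiled source file."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    clean = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)
    findings = []
    for m in METHOD_RE.finditer(clean):
        body = _method_body(clean, m.end())
        proceeds = re.search(r"\.\s*proceed\s*\(", body) is not None
        cancels = re.search(r"\.\s*cancel\s*\(", body) is not None
        # proceed() with no cancel() path accepts every certificate error.
        verdict = ("ok" if not proceeds else
                   "conditional-proceed" if cancels else "unconditional-proceed")
        line = clean.count("\n", 0, m.start()) + 1
        findings.append({"line": line, "verdict": verdict})
    return findings

# Constructed sample in the style of decompiled output; not the InsecureShop source.
SAMPLE = '''
class PermissiveClient : WebViewClient() {
    override fun onReceivedSslError(view: WebView?, handler: SslErrorHandler?, error: SslError?) {
        handler?.proceed() // accept anything
    }
}
class StrictClient : WebViewClient() {
    override fun onReceivedSslError(view: WebView?, handler: SslErrorHandler?, error: SslError?) {
        // handler?.proceed() was removed
        handler?.cancel()
    }
}
'''
print(find_ssl_error_overrides(SAMPLE))
```

A "conditional-proceed" verdict is a heuristic that still needs manual review of the condition, and Kotlin overrides written as expression bodies (without braces) are not handled.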