cordova-issues mailing list archives

From "Niek Heezemans (JIRA)" <>
Subject [jira] [Commented] (CB-9014) Man In The Middle Attack - SSL Connection - Jquery - Burp Suite
Date Wed, 13 May 2015 21:11:59 GMT


Niek Heezemans commented on CB-9014:


If necessary, please remove the issue and I'll send an Email with the steps for reproduction.
Thanks for the reply.

Kind regards,

Niek Heezemans
Enterprise Mobility Consultant

Ringwade 1, 3439 LM Nieuwegein
Telephone: +31(0)30 663 70 00
Mobile: +31(0)61 076 12 19

Clockwork wins Quli DIA award 2014 in the Best Service category
Ordina wins Computable Award for best ICT service provider of 2014

On Wed, May 13, 2015 at 12:35 PM -0700, "Shazron Abdullah (JIRA)" <<>>


Shazron Abdullah commented on CB-9014:

If this is a security issue, reports should be sent to instead,
with steps to ensure a reproduction, and for evaluation. This should never be reported in
a public issue tracker.


I'll leave this up until tonight until you can get to it (you should get an email anyway)
-- we can correspond privately at shazron (at) apache (dot) org for next steps if you have
more questions.

This message was sent by Atlassian JIRA

> Man In The Middle Attack - SSL Connection - Jquery - Burp Suite
> ---------------------------------------------------------------
>                 Key: CB-9014
>                 URL:
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: CordovaLib, iOS
>    Affects Versions: 3.8.0, 5.0.0
>         Environment: iPhone5s - iOS 8.3 / iPad4 iOS8.3
>            Reporter: Niek Heezemans
>              Labels: security
>             Fix For: 3.8.0, 5.0.0
> I manually added a Proxy (Burp Suite) to my Wifi Connection and let my App connect to
> a server with a valid SSL certificate through a jQuery Ajax call. Burp generates its own CA
> certificate (Self Signed) but this is not detected by Cordova.
> I can read all the Requests and Responses to and from my secure server within Burp.
> This happens on both Debug as well as on the Enterprise Signed IPA.
