Version 1.3

@matteounitn matteounitn released this 15 Feb 17:26
· 598 commits to master since this release

Changelog 1.3

SUPER Integration

  • Integration of SUPERAnalyzer to scan for Android TLS issues
  • tls_rules.json
  • parser.py (STIX Compliant)
  • Added mitigations (Android-related):
    • ACCEPT_ALL_SSL_CERTIFICATES
    • CERTIFICATE_OR_KEYSTORE_DISCLOSURE
    • OBFUSCATED_CODE
    • SSL_GET_INSECURE_METHOD
    • WEAK_ALGORITHMS
    • WEBVIEW_IGNORES_SSL_ERRORS

SLOTH Improvements

  • Added Mitigation:
    • SLOTH_MD5_Signature_TLS13
  • Improvement of the first attack vector (mutual authentication)
  • Added second attack vector (MD5 signature check)
  • Overall Vulnerabilities checks:
    • TLS 1.3 Legacy Sign Algorithms
    • Sanity Checks
    • MD5 Signature
    • MD5 Signature in ClientHello

Other

  • Update testssl.sh to version 3.0.4 (Thanks to @NetBender)
  • BREACH CVE Update (Thanks to @NetBender)
  • ARIA2C for faster downloads (on installation)
  • Change VENV to Python 3
  • Use mallodroid with Python 3

Minor Improvements

  • Cleanup Fixes