[Android Pro] Network traffic Security Test tool Nogotofail

Reference to:http://www.freebuf.com/tools/50324.html

From serious Heartbleed vulnerabilities to Apple's gotofail vulnerabilities, to the recent SSL V3 poodle vulnerabilities ... We have seen the huge disaster caused by the vulnerability of network traffic. So "valley Man" came! Google has recently developed a tool,--nogotofail, that can help developers detect security breaches in network traffic classes.

Keep all networked devices protected from TLS and SSL encryption vulnerabilities

Android security engineer Chad Brubaker says the ultimate goal of the development nogotofail is to protect all networked devices and applications from TLS and SSL encryption vulnerabilities.

Nogotofail detection includes general SSL certificate validation issues, HTTPS and SSL/TLS library vulnerabilities and misconfiguration issues, SSL and STARTTLS Detachment (stripping) issues, plaintext traffic issues, and more.

Brubaker wrote in his blog:

Google is working to get all applications and servers to use TLS/SSL, but there is no way to make https popular. At the same time, HTTPS needs to be used correctly. For example, many platforms and devices now have security defaults, but when the application becomes more complex, it connects to more servers and uses more third-party libraries ... It is easy to have security problems.

Nogotofail is co-developed by Android engineer Chad Brubaker, Alex Klyubin and Geremy Condra for Android, IOS, Linux, Windows, Chrome OS, OSX, and any networked device.

Google also said that the Nogotofail tool has been used within Google for some time ...

Nogotofail requires Python 2.7 and Pyopenssl 0.13 or later. The tool is now available in gitub and can be used by everyone, and it is hoped that many suggestions and additions will be made to make the Internet more secure.

Https://github.com/google/nogotofail

[Android Pro] Network traffic Security Test tool Nogotofail