by theEXTORTCIST
3069 days ago
There is the issue of the TLS connection of images fetched in the app (other things too?) being tied to a domain without a valid cert. In other words, you could MITM the TLS session between the wifi user and the Tindr servers for AT LEAST photos within the app, perhaps more (authentication? other app behavior?). Because the app isn't strictly enforcing the validation of the cert of the photos domain it's trying to reach to pull photos, your MITM server is free to serve to the app as if it was the server on the Internet.