Meta 通过旗下的安全软件 'Onavo Protect' 植入根证书并窃听用户网络流量 https://doubleagent.net/onavo-facebook-ssl-mitm-technical-analysis/
没什么技术含量,但是性质非常恶劣。手法简单,但是危害极大。
如果你不了解什么是 HTTPS 和根证书的话,可以参考我以前写的文章 https://blog.laisky.com/p/https-in-action/
简而言之:任何要求添加根证书的都是坏人,肯定是为了监控你!
没什么技术含量,但是性质非常恶劣。手法简单,但是危害极大。
如果你不了解什么是 HTTPS 和根证书的话,可以参考我以前写的文章 https://blog.laisky.com/p/https-in-action/
简而言之:任何要求添加根证书的都是坏人,肯定是为了监控你!
haxrob
How did Facebook intercept their competitor's encrypted mobile app traffic?
A technical investigation into information uncovered in a class action lawsuit that Facebook had intercepted encrypted traffic from user's devices running the Onavo Protect app in order to gain competitive insights.