Any reason "finished" commented out?

ChrisMcMStone / Spinner

A tool for automatic black-box detection of missing hostname verification, including for applications that use certificate pinning.

https://chrismcmstone.github.io/Spinner/

20 stars 8 forks source link

Any reason "finished" commented out? #2

Closed NitinJami closed 6 years ago

NitinJami commented 6 years ago

First of all, this is awesome work. Thank you for sharing!

From the below code, the finished variable will never be set to True which means the output will never tell if the handshake succeeded. I have an app that does not perform domain validation, and the output shows some application data being transferred, however the output will eventually say HANDSHAKE FAILED.

https://github.com/ChrisMcMStone/spinner/blob/b183f06949e6710ea898b6e663ed60afdbb1638b/MITM.java#L221

ChrisMcMStone commented 6 years ago

Hi, thank you!

I've resolved that now. Appreciate you spotting this.

Chris