Open sk3l10x1ng opened 1 month ago
@cpholguera please assign to me. Will work on it.
It's assigned to you now. We also have the corresponding weakness that is still to be completed. Would you like to work on that one at the same time?
https://mas.owasp.org/MASWE/MASVS-NETWORK/MASWE-0048/
https://github.com/OWASP/owasp-mastg/issues/2688
Ideally we'd
MASWE-0048
(MASTG-TECH-XXXX)
(MASTG-TEST-02XX) referring to the new technique (MASTG-TECH-XXXX).
(MASTG-DEMO-XXXX) for that test using this tool NoPE Proxy (MASTG-TOOL-XXX).
We have some minimal content that could be used to create the technique: https://mas.owasp.org/MASTG/0x04f-Testing-Network-Communication/#intercepting-non-http-traffic
Our V1 tests for Android and iOS have a paragraph about this:
Interception proxies like Burp and OWASP ZAP will show HTTP(S) traffic only. You can, however, use a Burp plugin such as Burp-non-HTTP-Extension or the tool mitm-relay to decode and visualize communication via XMPP and other protocols.
NoPE Proxy serves as a Burp Suite Extension designed for proxying Non-HTTP Traffic.
Link: https://github.com/summitt/Nope-Proxy