MITM implementations usually create a custom certificate that is meant to be installed on the relevant devices.
Currently this module poses a huge security risk because it indiscriminately accepts any certificates, letting malicious actors do man-in-the-middle attacks very easily.
For security purposes it would be great not to validate any certificates, but only system certificates + custom certificates that the user picks. It could rely, for example, on the user certificate store or a custom directory containing the whitelisted certificates.
Thanks a lot!
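The trust policy requested above, sketched as an added example (not the module's own code): Python's standard `ssl` module stands in for the module's TLS stack, and the function names and the directory layout are assumptions. It shows the accept-anything setting beside a context that trusts the system store plus only the PEM files found in a user-chosen directory.

```python
import ssl
import tempfile
from pathlib import Path


def insecure_context() -> ssl.SSLContext:
    """Accept-any-certificate behaviour the issue describes (shown for contrast)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def restricted_context(custom_dir):
    """Trust system CAs plus PEM certificates the user placed in custom_dir.

    Returns (context, loaded_names, rejected_names).
    """
    ctx = ssl.create_default_context()  # system store, CERT_REQUIRED, hostname check
    loaded, rejected = [], []
    for path in sorted(Path(custom_dir).iterdir()):
        if path.suffix.lower() not in {".pem", ".crt"} or not path.is_file():
            continue
        try:
            ctx.load_verify_locations(cafile=str(path))
            loaded.append(path.name)
        except ssl.SSLError:
            # Unparseable file: report it, never fall back to trusting everything.
            rejected.append(path.name)
    return ctx, loaded, rejected


def demo():
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample input: one file that is not a certificate, one ignored file.
        (Path(d) / "not-a-cert.pem").write_text("garbage\n")
        (Path(d) / "notes.txt").write_text("ignored\n")
        ctx, loaded, rejected = restricted_context(d)
        return ctx.verify_mode, ctx.check_hostname, loaded, rejected


if __name__ == "__main__":
    print(demo())
```

A real MITM proxy root certificate exported as PEM into the chosen directory would appear in the loaded list and be trusted alongside the system CAs; everything else still fails validation.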