CERT Tapioca

CERT Tapioca is a network-layer man-in-the-middle (MITM) proxy VM that is based on UbuFuzz and is preloaded with mitmproxy. CERT Tapioca is available in OVA format, which should be compatible with a range of virtualization products, including VMware, VirtualBox, and others.

The primary modes of operation are

1) Checking for apps that fail to validate certificates:
Simply associate device to access point or connect to network and perform the activity. Any logged https traffic is from software that fails to check for a valid SSL chain.

2) Investigating traffic of any http/https traffic:
Install the root CA of the MITM software that you are using into the OS of the device that you are testing.

By default, mitmproxy and tcpdump are started on boot, clearing previous logs.The NAT network adapter (eth0) is the uplink, and the Custom network adapter (eth1) is the local side, serving up 192.168.1.0/24. For MITM testing wireless devices, bridge this adapter to a wireless access point. For MITM testing other VMs, connect eth1 to a virtual network shared with that machine.

For more details about CERT Tapioca, see the CERT/CC blog post Announcing CERT Tapioca for MITM Analysis or contact us.