Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

New Features Added to CERT Tapioca Tool

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University this week announced the launch of a new version of the network traffic analysis tool CERT Tapioca.

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University this week announced the launch of a new version of the network traffic analysis tool CERT Tapioca.

CERT Tapioca was first released in 2014 as a network-layer man-in-the-middle (MITM) proxy virtual machine designed for identifying apps that fail to validate certificates and investigating the content of HTTP and HTTPS traffic.

CERT Tapioca has been used to identify Android applications that fail to properly validate SSL certificates and expose users to MitM attacks. More than one million apps have been checked and over 23,000 of them failed dynamic testing.

The tool can be used to analyze network traffic not only on smartphones, but also on IoT devices, computers and VMs.

Will Dormann, vulnerability analyst at CERT/CC and developer of CERT Tapioca, on Thursday announced the release of version 2.0, which introduces a graphical user interface and can be installed on multiple Linux distributions, including Red Hat, CentOS, Fedora, Ubuntu, OpenSUSE, and Raspbian.

CERT Tapioca

CERT Tapioca 2.0 also allows users to set up a HOSTAP-compatible Wi-Fi adapter for wireless connectivity, and it can save results from multiple tested systems.

Advertisement. Scroll to continue reading.

In addition to checking HTTPS validation, verifying an application’s use of modern cryptography standards, and observing the hosts contacted by an application, Tapioca now allows users to search network traffic for specified strings, such as passwords.

The CERT Tapioca 2.0 source code, along with additional details and usage instructions, are available on GitHub.

Related: Kaspersky Releases Open Source Digital Forensics Tool

Related: Secureworks Releases Open Source IDS Tools

Related: UK’s GCHQ Spy Agency Launches Open Source Data Analysis Tool

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.