HTTPS in Xpress Browser
In order to optimize mobile traffic, Nokia in Xpress browsers redirects traffic to its own proxy server. HTTPS traffic is also redirected. The proxy server establishes a normal HTTPS connection with the web service, receiving client data in clear text. Then it optimizes them and sends it to the user through its encrypted connection with the client. That is, on Nokia servers, our private data (passwords to the client bank, credit card numbers, etc.) are present in the clear. Classic Man In The Middle.
Nokia Xpress Browser Service Terms
Secure Traffic (HTTPS): There are links to the destination website. AES encryption or by HTTPS / SSL encryption. Secured by HTTPS / SSL encryption. Your Web pages are securely transmitted to the device. It’s not a problem. Nokia will not store or access this information for any other purpose.
technical details here:
http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
UPD: changed the yellow header “Nokia: we are decrypting your HTTPS traffic” to more relaxed :)
')
UPD: According to Guarang, this behavior is not observed after updating Xpress browser. Https traffic is now simply transmitted through the Nokia server.
Nokia Xpress Browser Service Terms
Secure Traffic (HTTPS): There are links to the destination website. AES encryption or by HTTPS / SSL encryption. Secured by HTTPS / SSL encryption. Your Web pages are securely transmitted to the device. It’s not a problem. Nokia will not store or access this information for any other purpose.
technical details here:
http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
UPD: changed the yellow header “Nokia: we are decrypting your HTTPS traffic” to more relaxed :)
')
UPD: According to Guarang, this behavior is not observed after updating Xpress browser. Https traffic is now simply transmitted through the Nokia server.
Source: https://habr.com/ru/post/166989/
All Articles