Google open sources nogotofail, a network traffic security testing tool
In their quest to make users, the Internet, and digital devices in general more secure, a number of big Internet companies have recently announced a new collaboration that will focus on making open source projects “easier for everyone”.
Some companies have begun open sourcing their own projects. For example, Facebook recently did it with osquery, a framework that allows developers to explore and analyze operating systems.
Netflix released some of its internally developed tools for detecting planned attacks on target infrastructure.
Google has announced today that it has released nogotofail as an open source project.
“Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more,” they explained on the project page.
“Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy,” shared Android Security Engineer Chad Brubaker.
The company has invited users to use the tool and to add new features to it, if they are so inclined.