Dynamic Analysis

iOS Dynamic Analysis

iOS Dynamic analysis is the testing and evaluation of an iOS application by executing data in real-time. The objective is to find errors in the application while it is running, rather than by repeatedly examining the code offline.

Dynamic Analysis results are displayed in json objects with the following names:

  • kind“: Type of analysis test (static or dynamic)
  • key“: Contains the value of the static analysis test title used for testing purposes
  • title“: Title of the specific static analysis test
  • category“: Category of the specific static analysis test
  • summary“: Summary of the specific static analysis test
  • cvss“: Common Vulnerability Scoring System (CVSS) The universal, open and standardized method for rating IT vulnerabilities and determining the urgency of response
  • regulatory“: Security and compliance regulations

If a specific dynamic analysis test is found vulnerable, a json array with the following names under the regulatory category:

  • cwe“: The “CWE” or “Common Weakness Enumeration category is displayed in a json array with id and url of each specifc software weakness(es) found during static analysis.

  • owasp“: The “OWASP” or “Open Web Application Security Project” category is displayed in a json array with id and url of each specific mobile security risk(s) found during static analysis.

Example:

{
    "kind": "dynamic",
    "key": "afnetworking",
    "title": "AFNetworking Implementation",
    "category": "code",
    "summary": "Checks the security of the AFNetworking library's implementation setting, which allows developers to add networking functionality to their applications.",
    "cvss": "7.1",
    "regulatory": {}
    }

If an application was not found to be vulnerable or affected by this specific dynamic analysis test, the results will display in json objects with the following names and values:

  • affected“: Boolean value (true or false) that states whether the application is affected by the specific static analysis test
  • severity“: If the application is not vulnerable to a specific static analysis test, the severity value will display “pass”
  • description“: Description of the static analysis test result

Example:

"affected": false,
    "severity": "pass",
    "description": "Your application is using an updated version of the AFNetworking library.",
    "context": {
      "title": "Tests",
      "fields": {
        "name": {
          "title": "Name"
        },
        "tests": {
          "title": "Tests"
        }
      },
      "rows": [
        {
          "name": "AFSecurityPolicy",
          "tests": [
            "testDefaultPolicyIsSetToAFSSLPinningModeNone: true",
            "testDefaultPolicyFailsToEvaluateServerTrustFromSelfSignedCertificate: true"
          ]
        },
        {
          "name": "MVAFSecurityPolicy",
          "tests": [
            "testDefaultPolicyIsSetToAFSSLPinningModeNone: true",
            "testDefaultPolicyFailsToEvaluateServerTrustFromSelfSignedCertificate: true"
          ]
        }
      ]
    }
  }

If an application was found to be vulnerable and affected by this specific dynamic analysis test, the results will display in json objects with the following names and values:

  • affected“: Boolean value (true or false) that states whether the application is affected by the specific static analysis test
  • category“: Category of the specific static analysis test
  • severity“: If the application is vulnerable to a specific static analysis test, the severity values range from “high”, “medium”, and “low”
  • cvss“: Common Vulnerability Scoring System (CVSS) The universal, open and standardized method for rating IT vulnerabilities and determining the urgency of response
  • title“: Title of the specific static analysis test
  • cwe“: The “CWE” or “Common Weakness Enumeration category is displayed in a json array with id and url of each specifc software weakness(es) found during static analysis.
  • description“: Description of the static analysis test result
  • recommendation“: Recommendation on how to fix the issue or vulnerability

Example:

{
    "affected": true,
    "issue": {
      "severity": "high",
      "cvss": "7.1",
      "title": "AFNetworking vulnerability detected",
      "description": "Your application was found to be using an outdated version of the AFNetworking library. This vulnerability was patched as of version 2.5.2, however, if an older version is used, it allows all the SSL traffic to be intercepted and decrypted in a standard man-in-the-middle environment.",
      "recommendation": "You should update the AFNetworking library bundled with the application to version 2.5.2 or later.",
      "pass": "Your application is using an updated version of the AFNetworking library."
    },
    "severity": "high",
    "description": "Your application was found to be using an outdated version of the AFNetworking library. This vulnerability was patched as of version 2.5.2, however, if an older version is used, it allows all the SSL traffic to be intercepted and decrypted in a standard man-in-the-middle environment.",
    "recommendation": "You should update the AFNetworking library bundled with the application to version 2.5.2 or later.",
    "context": {
      "title": "Tests",
      "fields": {
        "name": {
          "title": "Name"
        },
        "tests": {
          "title": "Tests"
        }
      },
      "rows": [
        {
          "name": "AFSecurityPolicy",
          "tests": [
            "testDefaultPolicyIsSetToAFSSLPinningModeNone: true",
            "testDefaultPolicyFailsToEvaluateServerTrustFromSelfSignedCertificate: false"
          ]
        }
      ]
    }
  }

Sensitive Data in Transit (no encryption)

  • Traffic is analyzed to determine if any sensitive data is transmitted insecurely over the network without encryption (i.e. HTTP). Sensitive data that is searched currently includes Username, Password, GPS Coordinates, Wifi Mac Address, IMEI, Device Serial Number, and Phone number.

Example:

{
    "kind": "dynamic",
    "key": "ipa_sensitive_data_no_encryption",
    "title": "Sensitive Data in Transit (no Encryption)",
    "category": "network",
    "summary": "\n    Traffic is analyzed to determine if any sensitive data is transmitted insecurely over the network without encryption (i.e. HTTP).\n    Sensitive data that is searched currently includes Username, Password, GPS Coordinates,\n    Wifi Mac Address, IMEI, Device Serial Number, and Phone number.\n  ",
    "cvss": 8.2,
    "regulatory": {},
    "affected": true,
    "issue": {
      "category": "network",
      "severity": "high",
      "cvss": 8.2,
      "title": "Sensitive data intercepted in transit without encryption",
      "description": "\n    One or more sensitive values were intercepted in transit. This is a high risk vulnerability as it is possible for an attacker on the same network to easily retrieve this information.\n    It is encouraged to review the table below, which displays the type of data that was intercepted, whether it is sent in plain text or a special encoding, the actual value that was recovered, and the URL related to this violation.\n  ",
      "pass": "\n    None of the sensitive values that were searched were recovered from unencrypted application traffic.\n  ",
      "recommendation": "\n    Enforce the use of SSL/TLS for all transport channels in which sensitive information, session tokens, or other sensitive data is going to be communicated to a backend API or web service. \n    Properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  "
    },
    "severity": "high",
    "description": "\n    One or more sensitive values were intercepted in transit. This is a high risk vulnerability as it is possible for an attacker on the same network to easily retrieve this information.\n    It is encouraged to review the table below, which displays the type of data that was intercepted, whether it is sent in plain text or a special encoding, the actual value that was recovered, and the URL related to this violation.\n  ",
    "recommendation": "\n    Enforce the use of SSL/TLS for all transport channels in which sensitive information, session tokens, or other sensitive data is going to be communicated to a backend API or web service. \n    Properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  ",
    "context": {
      "rows": [
        {

Sensitive Data in Transit (with encryption)

  • Searches for sensitive data that can be intercepted over the network due to improper certificate validation. Sensitive data currently includes Username, Password, GPS Coordinates, Wifi Mac Address, IMEI, Device Serial Number, and Phone number. This is related to the Broken SSL issue.

TLS Traffic With Sensitive Data

  • This test utilizes methods to proxy all TLS/SSL communications sent by the application. During this process, we search the traffic for sensitive search values, including Username, Password, GPS coordinates, WiFi Mac Address, IMEI, Serial Number, and Phone Number.

Example:

{
    "kind": "dynamic",
    "key": "ipa_sensitive_data_cert_validation",
    "title": "TLS Traffic with sensitive data",
    "category": "network",
    "summary": "\n      This test utilizes methods to proxy all TLS/SSL communications sent by the application. During this process, we search\n      the traffic for sensitive search values, including Username, Password, GPS coordinates, WiFi Mac Address, IMEI, Serial\n      Number, and Phone Number.\n      \n      **Note:  During this test, we are not checking for certificate validation or pinning. We are bypassing any validation or\n      pinning techniques in order to successfully proxy app communications. Checks for certificate validation are in development\n      and will be included in a future release.**\n    ",
    "cvss": 1.6,
    "regulatory": {},
    "affected": true,
    "issue": {
      "category": "network",
      "severity": "low",
      "cvss": 1.6,
      "title": "Sensitive Values Retrieved from Encrypted HTTPS Traffic",
      "description": "\n    One or more sensitive values were intercepted while proxying SSL/TLS app communications. If certificate validation or\n    pinning has been properly implemented, this item is informational. If the application is not doing any type of \n    certificate validation, the risk is much higher, as it would be possible for an attacker on the same network to intercept\n    this data.\n  ",
      "pass": "\n    None of the sensitive values that were searched were recovered from the proxied SSL/TLS app communications.\n  ",
      "recommendation": "\n    If the application is already doing certificate validation/pinning, no recommendation is required. Otherwise, it is recommended to properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  "
    },
    "severity": "low",
    "description": "\n    One or more sensitive values were intercepted while proxying SSL/TLS app communications. If certificate validation or\n    pinning has been properly implemented, this item is informational. If the application is not doing any type of \n    certificate validation, the risk is much higher, as it would be possible for an attacker on the same network to intercept\n    this data.\n  ",
    "recommendation": "\n    If the application is already doing certificate validation/pinning, no recommendation is required. Otherwise, it is recommended to properly validate the SSL/TLS certificate to ensure it is signed by a trusted certificate authority (CA) as well as contains the correct hostname.\n    An even more secure approach is to use Certificate Pinning to mitigate the possibility of SSL/TLS weaknesses. Certificate Pinning is making sure the client checks the server's certificate against a known copy of that certificate. Simply bundle your server's certificate inside your application, and make sure any SSL/TLS request first validates that the server's certificate exactly matches the bundle's certificate.\n    For some apps, Certificate Pinning may be impossible to do. If your app allows users to enter in their own domain names to connect to services, then you have no opportunity to embed that certificate. However, if your app is intended to connect to a known server, or set of servers, you have all the information you need to guarantee that client is indeed talking directly to the server and without a man in the middle eavesdropping.\n  ",
    "context": {
      "rows": [
        {
          "src": {
            "ip": "172.17.0.1",
            "port": 48041
          },
          "date": "2017-02-15T15:44:55.458515",
          "dest": {
            "name": "graph.facebook.com",
            "port": 443
          },
          "issue": "sensitive_data_flow",
          "base64": true,
          "content": "SURGQV9GTEFHPTEmTkVUV09SS19UWVBFPTEmT1NWRVJTPTguNCZJREZBPURFQURCRUVGLTEyMzQtMTIzNC0xMjM0LTEyMzQ1Njc4OUFCQyZTRUNVUklUWV9ESVNBQkxFRD0xJlNES19DQVBBQklMSVRZPSU1QjMlMkM0JTJDNSUyQzclMkM5JTJDMTAlMkMxMiU1RCZIRUlHSFQ9LTEmU0NSRUVOX0hFSUdIVD01NjgmQlVORExFPWNvbS5pamluc2hhbi5iZWlqaW5nLmtiYXR0ZXJ5ZG9jdG9yJkFQUEJVSUxEPTcuNC44LjMmbG9jYWxlPWVuJlNDUkVFTl9XSURUSD0zMjAmT1M9aU9TJkFQUFZFUlM9Ny40LjgmTUFLRT1BcHBsZSZBREFQVEVSUz1BTiZERU5TSVRZPTIuMDAwMDAwJlNESz1pb3MmUExBQ0VNRU5UX0lEPTMzNjkmTlVNX0FEU19SRVFVRVNURUQ9MyZURU1QTEFURV9JRD0yMDAmQ09QUEE9MCZTREtfVkVSU0lPTj00LjE0LjAmV0lEVEg9LTEmTU9ERUw9aVBob25lNiUyQzEmVk9MVU1FPTAuNSZDTElFTlRfRVZFTlRTPQ==",
          "headers": {
            "host": "graph.facebook.com",
            "Accept": "*/*",
            "Connection": "keep-alive",
            "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12H143 [FBAN/AudienceNetworkForiOS;FBDV/iPhone6,1;FBMD/N51AP;FBSN/iPhone OS;FBSV/8.4;FBLC/en;FBAB/com.ijinshan.beijing.kbatterydoctor;FBAV/7.4.8;FBBV/7.4.8.3]",
            "Content-Type": "application/x-www-form-urlencoded",
            "Content-Length": "466",
            "Accept-Encoding": "gzip, deflate",
            "Accept-Language": "en-us",
            "Proxy-Connection": "keep-alive"
          },
          "full_url": "https://graph.facebook.com/network_ads_common/",
          "protocol": "http",
          "searched_data": "IDFA_FLAG=1&NETWORK_TYPE=1&OSVERS=8.4&IDFA=DEADBEEF-1234-1234-1234-123456789ABC&SECURITY_DISABLED=1&SDK_CAPABILITY=%5B3%2C4%2C5%2C7%2C9%2C10%2C12%5D&HEIGHT=-1&SCREEN_HEIGHT=568&BUNDLE=com.ijinshan.beijing.kbatterydoctor&APPBUILD=7.4.8.3&locale=en&SCREEN_WIDTH=320&OS=iOS&APPVERS=7.4.8&MAKE=Apple&ADAPTERS=AN&DENSITY=2.000000&SDK=ios&PLACEMENT_ID=3369&NUM_ADS_REQUESTED=3&TEMPLATE_ID=200&COPPA=0&SDK_VERSION=4.14.0&WIDTH=-1&MODEL=iPhone6%2C1&VOLUME=0.5&CLIENT_EVENTS=",
          "encoded_format": "original",
          "data_value_type": "devinfo:iosVersion",
          "additional_context": [
            "Found in HTTPS traffic",
            "Contained in HTTP Content body"
          ],
          "sensitive_data_value": "8.4"
        }

Broken SSL Check

  • Determines whether the application is performing proper certificate validation and hostname verification. Lack of proper certificate validation could result in sensitive data being intercepted by a man-in-the-middle attack.

Example:

{
    "kind": "dynamic",
    "key": "ipa_broken_ssl",
    "title": "Broken SSL Check",
    "category": "network",
    "summary": "\n    Determines whether the application is performing proper \n    certificate validation and hostname verification. Lack of proper \n    certificate validation could result in sensitive data being intercepted \n    by a man-in-the-middle attack.\n  ",
    "cvss": 7.4,
    "regulatory": {
      "cwe": [
        {
          "id": 319,
          "url": "https://cwe.mitre.org/data/definitions/319.html"
        }
      ],
      "owasp": [
        {
          "id": "Mobile Top 10: M3-Insufficient Transport Layer Protection",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M3"
        }
      ]
    },
    "affected": false,
    "severity": "pass",
    "description": "\n    For the connections that were observed during the analysis of this app (see URLs below), broken SSL issues were not identified. \n    This indicates the application is performing proper certificate validation and hostname verification for these connections. By\n    exercising additional app functionality, it is possible that there are other connections with broken ssl.\n  "
  }

SQLite Results

  • While performing dynamic analysis, the application was observed to interact with a SQLite database, which could indicate where in the file system the application is storing user or application data. This informational result displays SQLite related activity, including the name of the file (and path where it is stored), SQLite queries that were observed, and the results for those queries.

Example:

"sqlite": {
          "misc": [
            {
              "args": {
                "size": 1025,
                "buffer": "/var/mobile/Containers/Data/Application/E4633C03-4C88-42A0-B921-986B49D84647/Documents/KMobSDKDefaultFile/KMobSDK.db",
                "format": "%s"
              },
              "name": "sqlite3_snprintf",
              "scope": "SQLite",
              "result": "/var/mobile/Containers/Data/Application/E4633C03-4C88-42A0-B921-986B49D84647/Documents/KMobSDKDefaultFile/KMobSDK.db",
              "timestamp": 1487173227645
            },
            {
              "args": {
                "zFile": null,
                "zParam": "psow",
                "bDefault": 1
              },
              "name": "sqlite3_uri_boolean",
              "scope": "SQLite",
              "result": 1,
              "timestamp": 1487173227651
            }

Keychain

  • This section highlights any activity where the app calls the iOS Keychain. The table in this section displays when keychain items are created, deleted, or queried in some way.
"keychain": {
          "events": [
            {
              "name": "SecItemCopyMatching",
              "params": {
                "query": {
                  "class": "genp",
                  "r_Data": 1,
                  "m_Limit": "m_LimitOne",
                  "kSecAttrAccount": "com.tendcloud.udid",
                  "kSecAttrService": "com.tendcloud.udid",
                  "kSecAttrAccessible": "kSecAttrAccessibleAfterFirstUnlock"
                }
              },
              "warning": "The data is always accessible, even when the device is locked"
            },
            {
              "name": "SecItemCopyMatching",
              "params": {
                "query": {
                  "class": "genp",
                  "r_Data": 1,
                  "m_Limit": "m_LimitOne",
                  "kSecAttrAccount": "<466c7572 72795365 7373696f 6e54696d 65737461 6d704b65 79>",
                  "kSecAttrGeneric": "<466c7572 72795365 7373696f 6e54696d 65737461 6d704b65 79>",
                  "kSecAttrService": "com.ijinshan.beijing.kbatterydoctorcom.flurry.analytics"
                }
              }
            }

Network Data

  • An NSURLConnection object allows the developer to load the contents of a URL by providing a URL request object. By performing dynamic analysis of the iOS application, we are able to provide details on network connections made by the app. The table below highlights each of these connections, and provides contextual data including the type of NSURLConnection, as well as the associated method, URL, body, status code, and data.
"network": {
          "urls": [
            "https://ssdk.adkmob.com/b/?action=get_config&mid=1901",
            "http://pingma.qq.com/mstat/report",
            "http://cgi.connect.qq.com/qqconnectopen/openapi/policy_conf?format=json&status_version=8&status_machine=iPhone6%2C1&oauth_consumer_key=100261609&status_os=8.4&sdkv=3.0_lite&client_id=100261609&sdkp=i",
            "http://fusion.qq.com/cgi-bin/qconn_share/check_app_limit.cgi?format=json&status_version=8&status_machine=iPhone6%2C1&oauth_consumer_key=100261609&status_os=8.4&sdkv=3.0_lite&sdkp=i&appid=100261609",
            "http://up.ios.ijinshan.com/kbatterydoctor/lu2quick",
            "http://setting.rayjump.com/setting?app_id=25516&app_version_name=7.4.8&idfa=DEADBEEF-1234-1234-1234-123456789ABC&idfv=CAFEBABE-1234-1234-1234-123456789ABC&language=en&mcc=&mnc=&model=iPhone6%2C1&network_type=1&openidfa=09D9F5C4-8E3F-92CF-C73F-CDC0CDEE436C&orientation=1&os_version=8.4&package_name=com.ijinshan.beijing.kbatterydoctor&platform=2&screen_size=320.000000x568.000000&sdk_version=MI_1.4.5&sign=cf0be30fa18f9355d188325876655abd&timezone=GMT&useragent=unknown"
            ]
          }

System Log Messages

  • Debug logs are generally designed to be used to detect and correct flaws in an application. These logs can leak sensitive information that may help an attacker create a more powerful attack. In this test, the system log files are analyzed for existence of sensitive user or application data.

Example:

{
    "kind": "dynamic",
    "key": "asl",
    "title": "System Log Messages",
    "category": "artifact",
    "summary": "Debug logs are generally designed to be used to detect and correct flaws in an application. These logs can leak sensitive information that may help an attacker create a more powerful attack. In this test, the system log files are analyzed for existence of sensitive user or application data.",
    "regulatory": {},
    "affected": true,
    "context": {
      "fields": {
        "Message": {
          "title": "Messages"
        }
      },
      "rows": [
        {
          "Message": "[Crashlytics] Version 3.8.1 (117)"
        },
        {
          "Message": "[INFO/SDK]: MySpinServerSDK Version: 1.3.5.2 (none)"
        },
        {
          "Message": "[ERROR/SDK]: -[EDManager applyLaunchOptions] [Line 1189] EDManager not started yet. Cannot call method -[EDManager applyLaunchOptions]."
        },
        {
          "Message": "[1] SDLIAPTransport Listening For Events"
        },
        {
          "Message": "[1] SDLIAPTransport Init"
        },
        {
          "Message": "[1] Attempting To Connect"
        },
        {
          "Message": "[1] No accessory supporting a required sync protocol was found."
        },
        {
          "Message": "[1] SDLProxy initWithTransport"
        },
        {
          "Message": "| RAPI: WARNING: [RAPIEntertainmentAppLink setAppName] called while not being connnected to the car"
        },
        {
          "Message": "| RAPI: [IF] setAppName:'Spotify'"
        },
        {
          "Message": "| RAPI: [IF] postAudioServiceAvailability:2"
        },
        {
          "Message": "*** -[NSKeyedUnarchiver initForReadingWithData:]: data is NULL"
        },
        {
          "Message": "08:59:04.321 ERROR:     [Main thread] 235: error -66748 from registration server"
        },
        {
          "Message": "\\t[Adjust]a: PRODUCTION: Adjust is running in Production mode. Use this setting only for the build that you want to publish. Set the environment to `sandbox` if you want to test your app!"
        },
        {
          "Message": "\\t[Adjust]d: Delegate implements adjustEventTrackingSucceeded:"
        },
        {
          "Message": "\\t[Adjust]d: Delegate implements adjustEventTrackingFailed:"
        },
        {
          "Message": "\\t[Adjust]d: Delegate implements adjustSessionTrackingSucceeded:"
        },
        {
          "Message": "\\t[Adjust]d: Delegate implements adjustSessionTrackingFailed:"
        },
        {
          "Message": " SecTrustEvaluate  [leaf AnchorTrusted]"
        },
        {
          "Message": "[INFO/SDK]: MySpinServerSDK Version: 1.3.5.2 (none)"
        },
        {
          "Message": "[ERROR/SDK]: -[MySpinServerSDK start] [Line 445] mySPIN Server already started"
        }
      ]
    }
  }

Network Connections

  • As the application is running, we monitor the app communications in order to understand where the application is sending its data.

Example:

{
    "kind": "dynamic",
    "key": "geoip",
    "title": "Network Connections",
    "category": "artifact",
    "summary": "As the application is running, we monitor the app communications in order to understand where the application is sending its data.",
    "regulatory": {},
    "affected": true,
    "context": {
      "fields": {
        "domain": {
          "title": "Domain"
        },
        "ip": {
          "title": "IP"
        },
        "org": {
          "title": "Organization"
        },
        "location": {
          "title": "Location"
        }
      },
      "rows": [
        {
          "domain": "amazon.com",
          "ip": "107.21.220.89",
          "org": "Amazon.com Inc.",
          "location": "Ashburn, Virginia, US"
        },
        {
          "domain": "google.com",
          "ip": "104.154.127.47",
          "org": "Google Inc.",
          "location": "Mountain View, California, US"
        },
        {
          "domain": "leaseweb.com",
          "ip": "178.162.216.177",
          "org": "LeaseWeb Deutschland GmbH",
          "location": "Frankfurt am Main, Hessen, DE"
        },
        {
          "domain": "akamai.com",
          "ip": "104.113.62.61",
          "org": "Akamai Technologies Inc.",
          "location": "Warsaw, Mazowieckie, PL"
        },
        {
          "domain": "amazon.com",
          "ip": "52.85.112.141",
          "org": "Amazon Technologies Inc.",
          "location": "Camby, Indiana, US"
        }
      ]
    }
  }

AFNetworking Implementation

  • Checks the security of the AFNetworking library’s implementation setting, which allows developers to add networking functionality to their applications.

Example:

{
    "kind": "dynamic",
    "key": "afnetworking",
    "title": "AFNetworking Implementation",
    "category": "code",
    "summary": "Checks the security of the AFNetworking library's implementation setting, which allows developers to add networking functionality to their applications.",
    "cvss": "7.1",
    "regulatory": {},
    "affected": false,
    "severity": "pass",
    "description": "Your application is using an updated version of the AFNetworking library.",
    "context": {
      "title": "Tests",
      "fields": {
        "name": {
          "title": "Name"
        },
        "tests": {
          "title": "Tests"
        }
      },
      "rows": [
        {
          "name": "PodIntercom_AFSecurityPolicy",
          "tests": [
            "testDefaultPolicyIsSetToAFSSLPinningModeNone: true",
            "testDefaultPolicyFailsToEvaluateServerTrustFromSelfSignedCertificate: true"
          ]
        }
      ]
    }
  }

Run Summary

  • Summary of start/stop time, taskIDs, and various other parameters that provides meta information and diagnostic data during analysis.

Example:

{
    "kind": "dynamic",
    "key": "apk_run_summary",
    "title": "Run Summary",
    "category": "artifact",
    "regulatory": {},
    "affected": true,
    "context": {
      "fields": {
        "analysis_revision": {
          "title": "Analysis Revision"
        },
        "analysis_time": {
          "title": "Analysis Time"
        },
        "tablet_serial": {
          "title": "Tablet Serial",
          "format": null
        },
        "minSDK": {
          "title": "Minimum SDK"
        },
        "targetSDK": {
          "title": "Target SDK"
        },
        "md5": {
          "title": "MD5"
        },
        "id": {
          "title": "Job Id"
        }
      },
      "data": {
        "analysis_time": 542.101,
        "analysis_revision": "421c431",
        "start_analysis_timestamp": 1490363714.741
      }
    }
  }

Dynamic Log

  • Behavioral Report - is the range of actions and events logged during analysis

Example:

{
    "kind": "dynamic",
    "key": "ipa_dynamic_log",
    "title": "Dynamic Log",
    "category": "artifact",
    "regulatory": {},
    "affected": true,
    "context": {
      "title": "Behavioral Report",
      "data": {
        "v": "0.9.0",
        "asl": {
          "messages": [
            {
              "Message": "[Crashlytics] Version 3.8.1 (117)"
            },
            {
              "Message": "[INFO/SDK]: MySpinServerSDK Version: 1.3.5.2 (none)"
            },
            {
              "Message": "[ERROR/SDK]: -[EDManager applyLaunchOptions] [Line 1189] EDManager not started yet. Cannot call method -[EDManager applyLaunchOptions]."
            },
            {
              "Message": "[1] SDLIAPTransport Listening For Events"
            },
            {
              "Message": "[1] SDLIAPTransport Init"
            },
            {
              "Message": "[1] Attempting To Connect"
            },
            {
              "Message": "[1] No accessory supporting a required sync protocol was found."
            },
            {
              "Message": "[1] SDLProxy initWithTransport"
            },
            {
              "Message": "| RAPI: WARNING: [RAPIEntertainmentAppLink setAppName] called while not being connnected to the car"
            },
            {
              "Message": "| RAPI: [IF] setAppName:'Spotify'"
            },
            {
              "Message": "| RAPI: [IF] postAudioServiceAvailability:2"
            },
            {
              "Message": "*** -[NSKeyedUnarchiver initForReadingWithData:]: data is NULL"
            },
            {
              "Message": "08:59:04.321 ERROR:     [Main thread] 235: error -66748 from registration server"
            },
            {
              "Message": "\\t[Adjust]a: PRODUCTION: Adjust is running in Production mode. Use this setting only for the build that you want to publish. Set the environment to `sandbox` if you want to test your app!"
            },
            {
              "Message": "\\t[Adjust]d: Delegate implements adjustEventTrackingSucceeded:"
            },
            {
              "Message": "\\t[Adjust]d: Delegate implements adjustEventTrackingFailed:"
            },
            {
              "Message": "\\t[Adjust]d: Delegate implements adjustSessionTrackingSucceeded:"
            },
            {
              "Message": "\\t[Adjust]d: Delegate implements adjustSessionTrackingFailed:"
            },
            {
              "Message": " SecTrustEvaluate  [leaf AnchorTrusted]"
            },
            {
              "Message": "[INFO/SDK]: MySpinServerSDK Version: 1.3.5.2 (none)"
            },
            {
              "Message": "[ERROR/SDK]: -[MySpinServerSDK start] [Line 445] mySPIN Server already started"
            }
          ]
        }
  • GeoIP - GeoIP refers to the method of locating a computer terminal’s geographic location by identifying that terminal’s IP address

Example:

"ips": [
          "107.21.220.89",
          "104.154.127.47",
          "178.162.216.177",
          "104.113.62.61",
          "52.85.112.141"
        ],
        "path": "/data/analysis/117224-10-1unnzil.6st88y3nmi-.0j0nw2k9f.j0nw2k9g.019k9/artifacts/pass2/log.txt",
        "uuid": {
          "adid": "DEADBEEF-1234-1234-1234-123456789ABC",
          "idfv": "CAFEBABE-1234-1234-1234-123456789ABC",
          "count": 9
        },
        "geoip": [
          {
            "ip": "107.21.220.89",
            "fields": {
              "ip": "107.21.220.89",
              "isp": "Amazon.com Inc.",
              "city": "Ashburn",
              "ip_no": "1796594777",
              "domain": "amazon.com",
              "region": "Virginia",
              "status": "OK",
              "latitude": 0,
              "elevation": 0,
              "longitude": 0,
              "country_long": "United States",
              "country_short": "US"
            }
          },
          {
            "ip": "104.154.127.47",
            "fields": {
              "ip": "104.154.127.47",
              "isp": "Google Inc.",
              "city": "Mountain View",
              "ip_no": "1754955567",
              "domain": "google.com",
              "region": "California",
              "status": "OK",
              "latitude": 0,
              "elevation": 0,
              "longitude": 0,
              "country_long": "United States",
              "country_short": "US"
            }
          },
          {
            "ip": "178.162.216.177",
            "fields": {
              "ip": "178.162.216.177",
              "isp": "LeaseWeb Deutschland GmbH",
              "city": "Frankfurt am Main",
              "ip_no": "2997016753",
              "domain": "leaseweb.com",
              "region": "Hessen",
              "status": "OK",
              "latitude": 0,
              "elevation": 0,
              "longitude": 0,
              "country_long": "Germany",
              "country_short": "DE"
            }
          },
          {
            "ip": "104.113.62.61",
            "fields": {
              "ip": "104.113.62.61",
              "isp": "Akamai Technologies Inc.",
              "city": "Warsaw",
              "ip_no": "1752251965",
              "domain": "akamai.com",
              "region": "Mazowieckie",
              "status": "OK",
              "latitude": 0,
              "elevation": 0,
              "longitude": 0,
              "country_long": "Poland",
              "country_short": "PL"
            }
          },
          {
            "ip": "52.85.112.141",
            "fields": {
              "ip": "52.85.112.141",
              "isp": "Amazon Technologies Inc.",
              "city": "Camby",
              "ip_no": "878014605",
              "domain": "amazon.com",
              "region": "Indiana",
              "status": "OK",
              "latitude": 0,
              "elevation": 0,
              "longitude": 0,
              "country_long": "United States",
              "country_short": "US"
            }
          }
        ]
  • Configuration - data provided about the automation configuration and interaction during analysis

Example:

"config": {
          "config": "/data/analysis/117224-10-1unnzil.6st88y3nmi-.0j0nw2k9f.j0nw2k9g.019k9/artifacts/pass2/mergedConfig.json",
          "device": "5d409d972712d3c1ea9cb391293d2e79b5a7defc",
          "jailed": false,
          "outdir": "/data/analysis/117224-10-1unnzil.6st88y3nmi-.0j0nw2k9f.j0nw2k9g.019k9/artifacts/pass2",
          "probes": {
            "asl": {},
            "ssl": false,
            "url": {},
            "dump": {
              "exe": false,
              "mem": false,
              "exit": false,
              "heap": false,
              "files": false
            },
            "http": {
              "block": [
                "https://appload.ingest.crittercism.com/v0/appload",
                "api.crittercism.com",
                "ads.yieldmo.com",
                "ads.mopub.com",
                "metrics.cnn.com",
                "i.cdn.turner.com"
              ]
            },
            "uuid": {
              "adid": "DEADBEEF-1234-1234-1234-123456789ABC",
              "idfv": "CAFEBABE-1234-1234-1234-123456789ABC"
            },
            "patch": false,
            "crypto": {},
            "random": {},
            "uidump": {
              "every": 4000
            },
            "appinfo": {},
            "devinfo": true,
            "network": {
              "dns": true,
              "create": true,
              "connect": true
            },
            "sqlite3": true,
            "timeout": 240000,
            "touchid": true,
            "keychain": true,
            "location": {
              "enabled": true,
              "locations": [
                41,
                42
              ]
            },
            "clipboard": false,
            "intercept": false,
            "jailbreak": {},
            "automation": {
              "fields": {
                "imei": {
                  "value": "358239051198804",
                  "is_sensitive": true,
                  "search_strings": [
                    "IMEI",
                    "DeviceIdentifier"
                  ]
                },
                "name": {
                  "type": "automation",
                  "value": "Arthur Dent",
                  "is_sensitive": true,
                  "search_strings": [
                    "/name",
                    "name",
                    "fullname",
                    "full_name",
                    "full name",
                    "full-name"
                  ]
                },
                "email": {
                  "type": "automation",
                  "value": "[email protected]",
                  "is_sensitive": true,
                  "search_strings": [
                    "display name",
                    "displayname",
                    "e mail",
                    "e-mail",
                    "e_mail",
                    "email",
                    "login",
                    "screename",
                    "user id",
                    "user",
                    "user-id",
                    "user-name",
                    "user_id",
                    "user_name",
                    "userid",
                    "username"
                  ]
                },
                "zipcode": {
                  "type": "automation",
                  "value": "90210",
                  "is_sensitive": true,
                  "search_strings": [
                    "zipcode",
                    "zip",
                    "zip_code",
                    "zip-code",
                    "zip code"
                  ]
                },
                "lastname": {
                  "type": "automation",
                  "value": "Dent",
                  "is_sensitive": true,
                  "search_strings": [
                    "Last name",
                    "last name",
                    "lastname",
                    "last_name",
                    "last-name"
                  ]
                },
                "password": {
                  "type": "automation",
                  "value": "d0n7p4nic42",
                  "is_sensitive": true,
                  "search_strings": [
                    "password",
                    "pswd",
                    "pass",
                    "pwd",
                    "pass_word"
                  ]
                },
                "username": {
                  "type": "automation",
                  "value": "adent",
                  "is_sensitive": true,
                  "search_strings": [
                    "username",
                    "user_name",
                    "userid",
                    "login",
                    "screename",
                    "displayname",
                    "display name",
                    "usr",
                    "uid",
                    "nuid",
                    "uname"
                  ]
                },
                "firstname": {
                  "type": "automation",
                  "value": "Arthur",
                  "is_sensitive": true,
                  "search_strings": [
                    "First name",
                    "first name",
                    "firstname",
                    "first_name",
                    "first-name"
                  ]
                },
                "gpsLatitude": {
                  "value": "98.8",
                  "is_sensitive": true,
                  "search_strings": []
                },
                "phonenumber": {
                  "type": "automation",
                  "value": "17068675309",
                  "is_sensitive": true,
                  "search_strings": [
                    "Telephone number",
                    "number",
                    "phone Number",
                    "phone num",
                    "phone",
                    "phonenumber",
                    "tel"
                  ]
                },
                "gpsLongitude": {
                  "value": "38.8",
                  "is_sensitive": true,
                  "search_strings": []
                },
                "localWifiMAC": {
                  "value": "11:22:33:44:55:66",
                  "is_sensitive": true,
                  "search_strings": []
                },
                "surrounding_wifiMAC": {
                  "value": "77:77:77:77:77:77",
                  "is_sensitive": true,
                  "search_strings": []
                }
              },
              "actions": {
                "find": [
                  "guest",
                  "sign in",
                  "sign_in",
                  "sign-in",
                  "login",
                  "log in",
                  "start",
                  "signin",
                  "continue",
                  "submit",
                  "sbmt",
                  "OK",
                  "yes",
                  "agree",
                  "accept",
                  "next",
                  "done",
                  "already a",
                  "skip",
                  "signup",
                  "register",
                  "create",
                  "get started",
                  "sign_up",
                  "sign up",
                  "my account",
                  "settings",
                  "options",
                  "apply",
                  "Account",
                  "dimiss"
                ],
                "avoid": [
                  "facebook",
                  "G+",
                  "Google plus",
                  "Google",
                  "GOOGLE",
                  "twitter"
                ]
              },
              "interval": 5000
            },
            "microphone": {
              "mute": true
            },
            "addressbook": {},
            "afnetworking": {},
            "cfurlconnection": {}
          },
          "report": {
            "datasize": 1024
          },
          "configs": [
            "/data/analysis/117224-10-1unnzil.6st88y3nmi-.0j0nw2k9f.j0nw2k9g.019k9/artifacts/pass2/mergedConfig.json"
          ],
          "dumpConfig": true,
          "interaction": {
            "record": false
          },
          "runAllProbes": false
        },
        "crypto": {
          "CC_MD5": {
            "count": 3,
            "datas": [
              "CAFEBABE-1234-1234-1234-123456789ABC(null)",
              "DEADBEEF-1234-1234-1234-123456789ABC",
              "DEADBEEF-1234-1234-1234-123456789ABC"
            ]
          },
          "CC_SHA1": {
            "count": 2,
            "datas": [
              "46371d60868f39ad9bbca8ec10e874ac228e090646dc3c1dbb402527713f1b33",
              "iVBORw0KGgoAAAANSUhEUgAAAHgAAAB4CAMAAAAOusbgAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAACN1BMVEUZFBQZFRQaLx4bUiwbcTgci0IdpEwdtVMdw1geylse1V8e12Ado0waOSMbcDgdnkoeyVsaNyIaQSYcgz8dwVccgj8ZIxobbzcdu1UduVQbbTcZIhkZJhscfj0ezlwezVwcfT0aKBwchUAe0V4e0F0chEAZJxsZGxcbcjkZGhYaRScdulUaQyYZGRYcgT4e1mAZGBUaLR4dr1EdrE8aLB4bUSwey1sbUCwZFhUciEEch0EckUUckEQckkUcj0QbVC0bUywaMyAezFwaMiAdtlMdtFIaRicaRCcbdDkaKRwez10ciUIdqk4clEYcgD4bXzEaSCgaPCMaOyMaMB8aLh4aOSIaPyUbYTIchkAe018eyFodoEscezwbVi4aOCIaKx0aRygbZjQdq08e0l4cm0gbaTUaNiEbYDIexFkaNCEbZzQcm0kdpUwZHhgbWS8cmUgbbDYe1F8aLB0bXTAdrlAduFQaPSQdn0oZJRscgT8dvFYcikIdwFcZFxUaTCobZDMceTscjkQdrVAdwlgdnUkaMR8dpk0ds1IexlkdpU0bXjEcejwaRigaTisdsVEaSikaKh0dv1cbbjcZIBkbVy4bZTQck0UcfD0dp00ZHBcexVkceDsbWC8ZHxgbVS0bdDocdjoaTSobYjIdoUsclUYaQCUZIRkbWzAbUCsdv1YbdTocdzoex1odvVYclkcbaDUcmEgcfz4bazYcjkMZHRgZJBoaPiQdokscjEMbXTEbXDAbUy0AAABq+20gAAAAAWJLR0S8StLi7wAAAAlwSFlzAAALEgAACxIB0t1+/AAAABxpRE9UAAAAAgAAAAAAAAA8AAAAKAAAADwAAAA8AAADF5PNxIYAAALjSURBVGje7JjpW1JBFMYRULgcZHO5aIpakDu3hRQotCwyNU3RbMFcQKlUSiptNSNsNW23aLH9/+xDT48jMJeZe8dvvB/hzPyYM/ec814UipxyyimnnHJipzylSp1foNFyOtBxWo0+X61S5m07tNBgNEG6TEaDeRupliIt4FVcYtmWg5fyVsimsvIdrLEVlTYgUVV1BUtszc5dQCq7YzcrbG2dDWhkq6tnwm2wAq0am+Rjm50C0Etw7pHJ3bsPpGm/Sxb3QAtIVUurDK5aAOkSeKlYtwfkySutk7kPglwdckvh+kC+2iSc2Qss5KXmGoCNDJTcdoERWDhMxT1SBazUcZRmLBwDdvJTjAwHsFQJMfe4wBQsdBJy663AVo2EyT4BrKUm4nZ1MwfbakjAPZkvqvhkbx9/qr2/fyAwODR0OjDcrzqjdrbpy0js2FmS0X8uddX54MiF0Vq83R4bn/CExNMUdtH2aG5yKkLU6N2Ri75LeLIju2+3I+GhTrq5dnl6BpN4W2m2tTwSPdtMP9SiV67aM5Hnsr0fITUcuybNuUSv30gHz2e5MAuaaOlmbaEtnEoeFl9RhITelONPb1WmZPy2eKbR99A78ix5190YCr4nGjy65UeizX1ReX/pQdz40JrgugFiHJewhpbjfVOtkSh2t0eP0d0ipM80QEL5jxmYjj8J42v06TPHc3PGulsMImHlYmBjintYedEwMdlBZDSW5wLpcJduM2JGrP1wsmaBKb6aWvlrSOcVAQ/Kd1i+l1vOrUe+e4UHq1jMwNdv3m6mEK2ScTy4js34rVr5j36HfvweD84X35DTzK73VI/wPL/yweP7OI9/6jg+qVAoFAsthBOqALfRJ+PnL4Vf022weePbul+XccX3HxvxraM9iAf7M5Zp70+laNdJNql/2QluYA2/RYZJbhwg8gHJVW8iG7gYvzz90n5TOIE/XpN4qeGXxtIs3hjdX0QbehFwNxr6FwAA///XaVP/AAAC90lEQVTtmFtPE0EUgM8KiM2SqlALbrFEoNACvVlb1pUXGxCpD8Q0ItYHEEhDJERoUiOxGkxBNF4CKCQQNZLKtuIFRcXbn/OlKHZm9jI7vJh+j51zztfM5ezOAuyGL2QU9HJxeZInQc5Cchp8aJBblmW3gjohDeO9EXJOGAnO/hnblxMcI4F0JD/QuDA0Jk2sRUVMmeh1rDhMFo+i//IOALjPvqoIEaZvODD1bB4pNJjChFrI4i5M+NCtjJ1XIel5VDD50To06glZvJ+nJlzWxu0u5UBDrpDFZbwR3jitf0v1ouNVZLGTN0ZEiu6U2kBHl8jiEt4ok1ITAACsYHbXIFkc5Y1jd44D3MxgRubJYtGksHtOLL+9WlI5a5NFAFiRB/pylx6+7sT0qXCmohFT4J1SwzuIdb7/sDhYS8hw921+PKRpKsaUxNWYDbNpVevPt1s+1aiLt5RKHEbjX2p7OKx/VmszcaV07kBheB2n9bn0ZXNByZtSzq4qjI8hYk6Wv8ovcMm+bJIs9iiLK5GEYH7Etp2d7vhWvurN/36/88H3xZy/YLWXYiTxtrKYa0UOxw+55/HGzCih3uqI8M/iPSW03aTaSlVT9IzU1I1dFTLYmAk1sbWRql91XhvfqfAc289k1c1ZT9kqQ9P58/4TN+pQPxX+y7RdOiQ0AwB3D/eektBwHk/RPyBSvT0XsO9b9VoawXE7zxp7raYWdI65uFRb73PVMPa2ujR23RYvU6+3W/M9xMFU7NF+AXKVM/R2uXVcvc6EmXnDs7oufb9YLbM3qPO6aWYkNuu+6EpMvP26vSB2MPDe5YDCfNq4VwQaRKOz7eCAErORve0VgJ72ELU3lgMj+AOU3sAAGMPnoZlu7zEfGKa7Vbf3aBuwoNmp753E7nQBI5pI38xw73X9TcCQk1JE21cQRwIYYxOSqtrklg32AG79iEXBavFsw94RF2ZwHx5iY0Ic9hrOHywty8ylTcN8gyk9lzlf2u7noEiRIkWK/H/8BkIvxKdKZlyMAAAAAElFTkSuQmCC"
            ]
          }
        }
  • Jailbreak - jailbreak status and device information during analysis

Example:

"jailbreak": {
          "files": {
            "/bin/bash": [
              {
                "args": {
                  "mode": {
                    "type": "S_IFREG",
                    "access": "S_IXOTH | S_IROTH | S_IXGRP | S_IRGRP | S_IXUSR | S_IWUSR | S_IRUSR"
                  }
                },
                "name": "lstat",
                "result": 0,
                "timestamp": 1490363943586
              },
              {
                "args": {
                  "mode": {
                    "type": "S_IFREG",
                    "access": "S_IXOTH | S_IROTH | S_IXGRP | S_IRGRP | S_IXUSR | S_IWUSR | S_IRUSR"
                  }
                },
                "name": "lstat",
                "result": 0,
                "timestamp": 1490363946046
              }
            ],
            "/Applications/Cydia.app": [
              {
                "args": {
                  "mode": {
                    "type": "S_IFDIR",
                    "access": "S_IXOTH | S_IROTH | S_IXGRP | S_IRGRP | S_IXUSR | S_IWUSR | S_IRUSR"
                  }
                },
                "name": "lstat",
                "result": 0,
                "timestamp": 1490363946044
              }
            ]
          }
  • Analyzes the attributes set within the cookies in use by the app to determine if the “secure” flag is set. When set to true, the “secure” flag tells the browser to only send the cookie if the request is sent using a secure channel. This will ensure the cookie is not transmitted over unencrypted requests.

Example:

{
    "kind": "dynamic",
    "key": "cookie_without_secure_flag",
    "title": "Cookie `secure` flag",
    "category": "network",
    "summary": "\n    Analyzes the attributes set within the cookies in use by the app\n    to determine if the \"secure\" flag is set. When set to true, the \"secure\"\n    flag tells the browser to only send the cookie if the request is sent using\n    a secure channel. This will ensure the cookie is not transmitted over\n    unencrypted requests.\n  ",
    "cvss": 5.3,
    "regulatory": {
      "cwe": [
        {
          "id": 614,
          "url": "https://cwe.mitre.org/data/definitions/614.html"
        }
      ],
      "owasp": [
        {
          "id": "M3 - Insufficient Transport Layer Protection",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M3"
        }
      ]
    },
    "affected": true,
    "issue": {
      "severity": "medium",
      "cvss": 5.3,
      "title": "secure flag violations",
      "cwe": [
        {
          "id": 614,
          "url": "https://cwe.mitre.org/data/definitions/614.html"
        }
      ],
      "owasp": [
        {
          "id": "M3 - Insufficient Transport Layer Protection",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M3"
        }
      ],
      "description": "\n    The following cookie was found to have the \"secure\" flag disabled.\n  ",
      "pass": "\n    The following cookie was found to have the \"secure\" flag enabled.\n  ",
      "recommendation": "\n    It is recommended to enable the \"secure\" flag to instruct the browser to\n    only send the cookie if the request is sent using a secure channel. There\n    are multiple ways to enable this, one of which is to set it within the\n    response header:\n\n        Set-Cookie: <name>=<value>[; <Max-Age>=<age>]\n         [; expires=<date>][; domain=<domain_name>]\n         [; path=<some_path>][; secure][; HttpOnly]\n  "
    },
    "severity": "medium",
    "description": "\n    The following cookie was found to have the \"secure\" flag disabled.\n  ",
    "recommendation": "\n    It is recommended to enable the \"secure\" flag to instruct the browser to\n    only send the cookie if the request is sent using a secure channel. There\n    are multiple ways to enable this, one of which is to set it within the\n    response header:\n\n        Set-Cookie: <name>=<value>[; <Max-Age>=<age>]\n         [; expires=<date>][; domain=<domain_name>]\n         [; path=<some_path>][; secure][; HttpOnly]\n  ",
    "context": {
      "rows": [
        {
          "issue": "bad_cookie_usage",
          "cookie": "sp_ftv",
          "secure": false,
          "expires": false,
          "full_url": "https://www.spotify.com/xhr/json/sign-up/?validate=1",
          "httponly": true,
          "set-cookies": "sp_ftv=1; path=/; httponly, sp_landing=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sat, 25-Mar-2017 14:03:08 GMT; Max-Age=86400; path=/; httponly, sp_landing_15d=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sat, 08-Apr-2017 14:03:08 GMT; Max-Age=1296000; path=/; httponly, sp_landing_30d=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sun, 23-Apr-2017 14:03:08 GMT; Max-Age=2592000; path=/; httponly"
        },
        {
          "issue": "bad_cookie_usage",
          "cookie": "sp_landing",
          "secure": false,
          "expires": true,
          "full_url": "https://www.spotify.com/xhr/json/sign-up/?validate=1",
          "httponly": true,
          "set-cookies": "sp_ftv=1; path=/; httponly, sp_landing=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sat, 25-Mar-2017 14:03:08 GMT; Max-Age=86400; path=/; httponly, sp_landing_15d=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sat, 08-Apr-2017 14:03:08 GMT; Max-Age=1296000; path=/; httponly, sp_landing_30d=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sun, 23-Apr-2017 14:03:08 GMT; Max-Age=2592000; path=/; httponly"
        },
        {
          "issue": "bad_cookie_usage",
          "cookie": "sp_landing_15d",
          "secure": false,
          "expires": true,
          "full_url": "https://www.spotify.com/xhr/json/sign-up/?validate=1",
          "httponly": true,
          "set-cookies": "sp_ftv=1; path=/; httponly, sp_landing=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sat, 25-Mar-2017 14:03:08 GMT; Max-Age=86400; path=/; httponly, sp_landing_15d=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sat, 08-Apr-2017 14:03:08 GMT; Max-Age=1296000; path=/; httponly, sp_landing_30d=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sun, 23-Apr-2017 14:03:08 GMT; Max-Age=2592000; path=/; httponly"
        },
        {
          "issue": "bad_cookie_usage",
          "cookie": "sp_landing_30d",
          "secure": false,
          "expires": true,
          "full_url": "https://www.spotify.com/xhr/json/sign-up/?validate=1",
          "httponly": true,
          "set-cookies": "sp_ftv=1; path=/; httponly, sp_landing=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sat, 25-Mar-2017 14:03:08 GMT; Max-Age=86400; path=/; httponly, sp_landing_15d=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sat, 08-Apr-2017 14:03:08 GMT; Max-Age=1296000; path=/; httponly, sp_landing_30d=www.spotify.com%2Fxhr%2Fjson%2Fsign-up%2F%3Fvalidate%3D1; expires=Sun, 23-Apr-2017 14:03:08 GMT; Max-Age=2592000; path=/; httponly"
        },
        {
          "issue": "bad_cookie_usage",
          "cookie": "sp_bon",
          "secure": false,
          "expires": true,
          "full_url": "https://www.spotify.com/us/xhr/json/sign-up/?validate=1",
          "httponly": true,
          "set-cookies": "spsess=15305bb359193a9ae7ac64e701bb16c362c18316; path=/; secure; HttpOnly, sp_bon=46ffdf1ceadb50304dbb05c8b2a58d5a; expires=Sun, 23-Apr-2017 14:03:08 GMT; Max-Age=2592000; path=/; httponly, spot=%7B%22t%22%3A1490364188%2C%22m%22%3A%22us%22%2C%22p%22%3Anull%7D; expires=Fri, 20-Nov-2020 14:03:08 GMT; Max-Age=115516800; path=/; domain=spotify.com, sp_t=615331673c8afbc6774a437029c78d67; expires=Tue, 23-May-2017 14:03:08 GMT; Max-Age=5184000; path=/; domain=.spotify.com; secure, sp_new=1; expires=Sat, 25-Mar-2017 14:03:08 GMT; Max-Age=86400; path=/; domain=.spotify.com; secure"
        },
        {
          "issue": "bad_cookie_usage",
          "cookie": "spot",
          "secure": false,
          "expires": true,
          "full_url": "https://www.spotify.com/us/xhr/json/sign-up/?validate=1",
          "httponly": false,
          "set-cookies": "spsess=15305bb359193a9ae7ac64e701bb16c362c18316; path=/; secure; HttpOnly, sp_bon=46ffdf1ceadb50304dbb05c8b2a58d5a; expires=Sun, 23-Apr-2017 14:03:08 GMT; Max-Age=2592000; path=/; httponly, spot=%7B%22t%22%3A1490364188%2C%22m%22%3A%22us%22%2C%22p%22%3Anull%7D; expires=Fri, 20-Nov-2020 14:03:08 GMT; Max-Age=115516800; path=/; domain=spotify.com, sp_t=615331673c8afbc6774a437029c78d67; expires=Tue, 23-May-2017 14:03:08 GMT; Max-Age=5184000; path=/; domain=.spotify.com; secure, sp_new=1; expires=Sat, 25-Mar-2017 14:03:08 GMT; Max-Age=86400; path=/; domain=.spotify.com; secure"
        }
      ],
      "fields": {
        "full_url": {
          "title": "URL"
        },
        "cookie": {
          "title": "Cookie"
        },
        "secure": {
          "title": "Secure"
        },
        "expires": {
          "title": "Expires"
        },
        "httponly": {
          "title": "HTTP Only"
        }
      }
    }
  }
  • Analyzes the attributes set within the cookies in use by the app to determine if the “httponly” flag is set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies, and can help prevent attacks like XSS, as the cookie cannot be accessed via client side (for example, using a JavaScript snippet code).

Example:

{
    "kind": "dynamic",
    "key": "cookie_without_httponly_flag",
    "title": "Cookie `httponly` flag",
    "category": "network",
    "summary": "\n    Analyzes the attributes set within the cookies in use by the app to\n    determine if the \"httponly\" flag is set. When a cookie is set with the\n    HTTPOnly flag, it instructs the browser that the cookie can only be accessed\n    by the server and not by client-side scripts. This is an important security\n    protection for session cookies, and can help prevent attacks like XSS, as the\n    cookie cannot be accessed via client side (for example, using a JavaScript\n    snippet code).\n  ",
    "cvss": 5.3,
    "regulatory": {
      "cwe": [
        {
          "id": 614,
          "url": "https://cwe.mitre.org/data/definitions/614.html"
        }
      ],
      "owasp": [
        {
          "id": "M7 - Client Side Injection",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M7"
        }
      ]
    },
    "affected": true,
    "issue": {
      "severity": "medium",
      "cvss": 5.3,
      "title": "httponly flag violations",
      "cwe": [
        {
          "id": 614,
          "url": "https://cwe.mitre.org/data/definitions/614.html"
        }
      ],
      "owasp": [
        {
          "id": "M7 - Client Side Injection",
          "url": "https://www.owasp.org/index.php/Mobile_Top_10_2014-M7"
        }
      ],
      "description": "\n    The following cookie was found to have the \"httponly\" flag disabled.\n  ",
      "pass": "\n    The following cookie was found out have the \"httponly\" flag enabled.\n  ",
      "recommendation": "\n    It is recommended to enable the httponly flag to prevent access via a\n    client-side script. There are multiple ways to enable this flag, one of\n    which is to set it within the response header:\n\n        Set-Cookie: <name>=<value>[; <Max-Age>=<age>]\n         [; expires=<date>][; domain=<domain_name>]\n         [; path=<some_path>][; secure][; HttpOnly]\n  "
    },
    "severity": "medium",
    "description": "\n    The following cookie was found to have the \"httponly\" flag disabled.\n  ",
    "recommendation": "\n    It is recommended to enable the httponly flag to prevent access via a\n    client-side script. There are multiple ways to enable this flag, one of\n    which is to set it within the response header:\n\n        Set-Cookie: <name>=<value>[; <Max-Age>=<age>]\n         [; expires=<date>][; domain=<domain_name>]\n         [; path=<some_path>][; secure][; HttpOnly]\n  ",
    "context": {
      "rows": [
        {
          "issue": "bad_cookie_usage",
          "cookie": "spot",
          "secure": false,
          "expires": true,
          "full_url": "https://www.spotify.com/us/xhr/json/sign-up/?validate=1",
          "httponly": false,
          "set-cookies": "spsess=15305bb359193a9ae7ac64e701bb16c362c18316; path=/; secure; HttpOnly, sp_bon=46ffdf1ceadb50304dbb05c8b2a58d5a; expires=Sun, 23-Apr-2017 14:03:08 GMT; Max-Age=2592000; path=/; httponly, spot=%7B%22t%22%3A1490364188%2C%22m%22%3A%22us%22%2C%22p%22%3Anull%7D; expires=Fri, 20-Nov-2020 14:03:08 GMT; Max-Age=115516800; path=/; domain=spotify.com, sp_t=615331673c8afbc6774a437029c78d67; expires=Tue, 23-May-2017 14:03:08 GMT; Max-Age=5184000; path=/; domain=.spotify.com; secure, sp_new=1; expires=Sat, 25-Mar-2017 14:03:08 GMT; Max-Age=86400; path=/; domain=.spotify.com; secure"
        },
        {
          "issue": "bad_cookie_usage",
          "cookie": "sp_t",
          "secure": true,
          "expires": true,
          "full_url": "https://www.spotify.com/us/xhr/json/sign-up/?validate=1",
          "httponly": false,
          "set-cookies": "spsess=15305bb359193a9ae7ac64e701bb16c362c18316; path=/; secure; HttpOnly, sp_bon=46ffdf1ceadb50304dbb05c8b2a58d5a; expires=Sun, 23-Apr-2017 14:03:08 GMT; Max-Age=2592000; path=/; httponly, spot=%7B%22t%22%3A1490364188%2C%22m%22%3A%22us%22%2C%22p%22%3Anull%7D; expires=Fri, 20-Nov-2020 14:03:08 GMT; Max-Age=115516800; path=/; domain=spotify.com, sp_t=615331673c8afbc6774a437029c78d67; expires=Tue, 23-May-2017 14:03:08 GMT; Max-Age=5184000; path=/; domain=.spotify.com; secure, sp_new=1; expires=Sat, 25-Mar-2017 14:03:08 GMT; Max-Age=86400; path=/; domain=.spotify.com; secure"
        },
        {
          "issue": "bad_cookie_usage",
          "cookie": "sp_new",
          "secure": true,
          "expires": true,
          "full_url": "https://www.spotify.com/us/xhr/json/sign-up/?validate=1",
          "httponly": false,
          "set-cookies": "spsess=15305bb359193a9ae7ac64e701bb16c362c18316; path=/; secure; HttpOnly, sp_bon=46ffdf1ceadb50304dbb05c8b2a58d5a; expires=Sun, 23-Apr-2017 14:03:08 GMT; Max-Age=2592000; path=/; httponly, spot=%7B%22t%22%3A1490364188%2C%22m%22%3A%22us%22%2C%22p%22%3Anull%7D; expires=Fri, 20-Nov-2020 14:03:08 GMT; Max-Age=115516800; path=/; domain=spotify.com, sp_t=615331673c8afbc6774a437029c78d67; expires=Tue, 23-May-2017 14:03:08 GMT; Max-Age=5184000; path=/; domain=.spotify.com; secure, sp_new=1; expires=Sat, 25-Mar-2017 14:03:08 GMT; Max-Age=86400; path=/; domain=.spotify.com; secure"
        }
      ],
      "fields": {
        "full_url": {
          "title": "URL"
        },
        "cookie": {
          "title": "Cookie"
        },
        "secure": {
          "title": "Secure"
        },
        "expires": {
          "title": "Expires"
        },
        "httponly": {
          "title": "HTTP Only"
        }
      }
    }
  }

Certificates

  • any certificates in use by the application are displayed in a table, and includes the type of key, number of bits, serial number, URL, and common name associated with each certificate.

Example:

{
    "kind": "dynamic",
    "key": "cert",
    "title": "Certificates",
    "category": "artifact",
    "summary": "\n    In this section, any certificates in use by the application are displayed in a table, and includes the type of key, number of bits, serial number, URL, and common name associated with each certificate.\n  ",
    "regulatory": {},
    "affected": true,
    "context": [
      {
        "certificate": {
          "address": "market.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      {
        "certificate": {
          "address": "settings.crashlytics.com:443",
          "server_cert": {
            "sha1": "58:A2:1B:33:5C:17:DA:93:D5:38:26:94:00:4D:F5:D5:43:9F:68:09",
            "issuer": [
              [
                "C",
                "GB"
              ],
              [
                "ST",
                "Greater Manchester"
              ],
              [
                "L",
                "Salford"
              ],
              [
                "O",
                "COMODO CA Limited"
              ],
              [
                "CN",
                "COMODO RSA Domain Validation Secure Server CA"
              ]
            ],
            "serial": "297128019429030689567084453467829891485",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "OU",
                "Domain Control Validated"
              ],
              [
                "OU",
                "COMODO SSL Wildcard"
              ],
              [
                "CN",
                "*.crashlytics.com"
              ]
            ],
            "altNames": [
              "*.crashlytics.com",
              "crashlytics.com"
            ],
            "notValidAfter": "2020-04-06 23:59:59",
            "notValidBefore": "2017-03-15 00:00:00"
          },
          "peer_address": "50.17.244.57:443"
        }
      },
      null,
      null,
      null,
      null,
      {
        "certificate": {
          "address": "app.adjust.com:443",
          "server_cert": {
            "sha1": "75:0B:25:84:C0:DD:08:82:0E:B4:D7:3E:5E:BD:14:0A:6E:F5:DD:0B",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "OU",
                "www.digicert.com"
              ],
              [
                "CN",
                "DigiCert SHA2 Extended Validation Server CA"
              ]
            ],
            "serial": "10560060832343824233374950529586432498",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "businessCategory",
                "Private Organization"
              ],
              [
                "UNDEF",
                "DE"
              ],
              [
                "UNDEF",
                "Berlin"
              ],
              [
                "serialNumber",
                "HRB 140616"
              ],
              [
                "street",
                "Saarbrücker Str. 36 a"
              ],
              [
                "postalCode",
                "10405"
              ],
              [
                "C",
                "DE"
              ],
              [
                "L",
                "Berlin"
              ],
              [
                "O",
                "Adjust GmbH"
              ],
              [
                "CN",
                "app.adjust.com"
              ]
            ],
            "altNames": [
              "app.adjust.com"
            ],
            "notValidAfter": "2018-02-16 12:00:00",
            "notValidBefore": "2015-11-19 00:00:00"
          },
          "peer_address": "178.162.216.178:443"
        }
      },
      null,
      null,
      null,
      null,
      {
        "certificate": {
          "address": "app.adjust.com:443",
          "server_cert": {
            "sha1": "75:0B:25:84:C0:DD:08:82:0E:B4:D7:3E:5E:BD:14:0A:6E:F5:DD:0B",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "OU",
                "www.digicert.com"
              ],
              [
                "CN",
                "DigiCert SHA2 Extended Validation Server CA"
              ]
            ],
            "serial": "10560060832343824233374950529586432498",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "businessCategory",
                "Private Organization"
              ],
              [
                "UNDEF",
                "DE"
              ],
              [
                "UNDEF",
                "Berlin"
              ],
              [
                "serialNumber",
                "HRB 140616"
              ],
              [
                "street",
                "Saarbrücker Str. 36 a"
              ],
              [
                "postalCode",
                "10405"
              ],
              [
                "C",
                "DE"
              ],
              [
                "L",
                "Berlin"
              ],
              [
                "O",
                "Adjust GmbH"
              ],
              [
                "CN",
                "app.adjust.com"
              ]
            ],
            "altNames": [
              "app.adjust.com"
            ],
            "notValidAfter": "2018-02-16 12:00:00",
            "notValidBefore": "2015-11-19 00:00:00"
          },
          "peer_address": "178.162.219.58:443"
        }
      },
      null,
      null,
      null,
      null,
      {
        "certificate": {
          "address": "app.adjust.com:443",
          "server_cert": {
            "sha1": "75:0B:25:84:C0:DD:08:82:0E:B4:D7:3E:5E:BD:14:0A:6E:F5:DD:0B",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "OU",
                "www.digicert.com"
              ],
              [
                "CN",
                "DigiCert SHA2 Extended Validation Server CA"
              ]
            ],
            "serial": "10560060832343824233374950529586432498",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "businessCategory",
                "Private Organization"
              ],
              [
                "UNDEF",
                "DE"
              ],
              [
                "UNDEF",
                "Berlin"
              ],
              [
                "serialNumber",
                "HRB 140616"
              ],
              [
                "street",
                "Saarbrücker Str. 36 a"
              ],
              [
                "postalCode",
                "10405"
              ],
              [
                "C",
                "DE"
              ],
              [
                "L",
                "Berlin"
              ],
              [
                "O",
                "Adjust GmbH"
              ],
              [
                "CN",
                "app.adjust.com"
              ]
            ],
            "altNames": [
              "app.adjust.com"
            ],
            "notValidAfter": "2018-02-16 12:00:00",
            "notValidBefore": "2015-11-19 00:00:00"
          },
          "peer_address": "178.162.216.178:443"
        }
      },
      null,
      null,
      null,
      {
        "certificate": {
          "address": "sb.scorecardresearch.com:443",
          "server_cert": {
            "sha1": "C9:FE:C7:55:C4:96:14:FD:02:23:B4:94:AE:0C:F1:F3:07:D3:7C:66",
            "issuer": [
              [
                "C",
                "GB"
              ],
              [
                "ST",
                "Greater Manchester"
              ],
              [
                "L",
                "Salford"
              ],
              [
                "O",
                "COMODO CA Limited"
              ],
              [
                "CN",
                "COMODO RSA Organization Validation Secure Server CA"
              ]
            ],
            "serial": "302320589057966251702979401781329461589",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "US"
              ],
              [
                "postalCode",
                "20190"
              ],
              [
                "ST",
                "Virginia"
              ],
              [
                "L",
                "Reston"
              ],
              [
                "street",
                "Suite 600"
              ],
              [
                "street",
                "11950 Democracy Drive"
              ],
              [
                "O",
                "TMRG"
              ],
              [
                "OU",
                "OSE"
              ],
              [
                "OU",
                "PremiumSSL Wildcard"
              ],
              [
                "CN",
                "*.scorecardresearch.com"
              ]
            ],
            "altNames": [
              "*.scorecardresearch.com",
              "scorecardresearch.com"
            ],
            "notValidAfter": "2017-12-20 23:59:59",
            "notValidBefore": "2016-12-20 00:00:00"
          },
          "peer_address": "23.193.174.177:443"
        }
      },
      null,
      null,
      null,
      null,
      {
        "certificate": {
          "address": "app.adjust.com:443",
          "server_cert": {
            "sha1": "75:0B:25:84:C0:DD:08:82:0E:B4:D7:3E:5E:BD:14:0A:6E:F5:DD:0B",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "OU",
                "www.digicert.com"
              ],
              [
                "CN",
                "DigiCert SHA2 Extended Validation Server CA"
              ]
            ],
            "serial": "10560060832343824233374950529586432498",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "businessCategory",
                "Private Organization"
              ],
              [
                "UNDEF",
                "DE"
              ],
              [
                "UNDEF",
                "Berlin"
              ],
              [
                "serialNumber",
                "HRB 140616"
              ],
              [
                "street",
                "Saarbrücker Str. 36 a"
              ],
              [
                "postalCode",
                "10405"
              ],
              [
                "C",
                "DE"
              ],
              [
                "L",
                "Berlin"
              ],
              [
                "O",
                "Adjust GmbH"
              ],
              [
                "CN",
                "app.adjust.com"
              ]
            ],
            "altNames": [
              "app.adjust.com"
            ],
            "notValidAfter": "2018-02-16 12:00:00",
            "notValidBefore": "2015-11-19 00:00:00"
          },
          "peer_address": "178.162.219.58:443"
        }
      },
      null,
      null,
      null,
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      null,
      null,
      null,
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }
      },
      null,
      {
        "certificate": {
          "address": "www.spotify.com:443",
          "server_cert": {
            "sha1": "7A:27:2B:23:A6:D1:6D:34:73:35:7D:E5:4B:96:56:BA:2C:CC:EC:EC",
            "issuer": [
              [
                "C",
                "US"
              ],
              [
                "O",
                "DigiCert Inc"
              ],
              [
                "CN",
                "DigiCert SHA2 Secure Server CA"
              ]
            ],
            "serial": "16382199766104679083852648844995389715",
            "keyinfo": {
              "keybits": 2048,
              "keytype": "RSA"
            },
            "subject": [
              [
                "C",
                "SE"
              ],
              [
                "ST",
                "Stockholm"
              ],
              [
                "L",
                "Stockholm"
              ],
              [
                "O",
                "Spotify AB"
              ],
              [
                "CN",
                "*.spotify.com"
              ]
            ],
            "altNames": [
              "*.spotify.com",
              "spotify.com"
            ],
            "notValidAfter": "2017-06-21 12:00:00",
            "notValidBefore": "2014-04-15 00:00:00"
          },
          "peer_address": "104.154.127.47:443"
        }