check is it possible to check if a specific CA is intalled in the browser
is it possible to do active probing on installed certificates without showing a certificate warning? maybe hidden in an iframe or popup or using webrtc. everything that could load if the certificate is installed and be blocked otherwise. if possible it could be misused to find out if a user is vulnerable to a hiden mitm attack. users of goagent, shaddow socks and cooperate content filters could be vulnerable.
Trac:
Username: elypter