WebSocket error during handshake when using Proxyman

[kartikarora]

Description

I am debugging an Android app which opens a webview, and the webview initiates a websocket connection. I have no control over the webview or the websocket connection code.

The webview is able to send parsed messages from websocket to native android code. I'd like to be able to modify this response using map remote to a locally hosted websocket server.

When I open the webview in chrome's inspector, the following happens

• If Proxy is enabled and SSL Proxy for the domain is enabled, Chrome report an error Error during WebSocket handshake: 'Sec-WebSocket-Protocol' header must not appear more than once in a response but the headers in Proxyman seem to be fine.
• If Proxy is disabled and SSL Proxy for the domain is disabled, chrome reports a successful connection and starts receiving messages in the websocket connection.

Environment

• Websocket uses STOMP protocol for message exchange.
• App version: Proxyman 4.7.1
• macOS version: macOS Ventura 13.3.1

[kartikarora]

I can confirm that a similar setup on Charles Proxy just works.

[NghiaTranUIT]

Thanks. I'm investigating your issue and send you a Beta build to test it out 👍

[NghiaTranUIT]

@kartikarora can you share with me the website that uses WSS that I can test 🤔

My investigation

1. Start a Android with Webview
2. Try to capture WSS from WebView: https://www.piesocket.com/websocket-tester
3. Able to capture without error ✅

Note that I have to add the WSS domain (demo.piesocket.com) into the network_security_config.xml file.

<network-security-config>
    <domain-config>
        <!-- Make sure your URL Server here -->
        <domain includeSubdomains="true">www.piesocket.com</domain>
        <domain includeSubdomains="true">demo.piesocket.com</domain>
        <trust-anchors>
            <certificates src="user"/>
            <certificates src="system"/>
        </trust-anchors>
    </domain-config>

    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </debug-overrides>

    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

[kartikarora]

Hey @NghiaTranUIT

Thanks for the quick response. Unfortunately, the domains are not internet-facing and won't work until you are physically here in the office in Sydney :/

I can however confirm that I have set up my network_security_config in a similar manner and I am able to proxy the other end points over https easily.

I'll try overriding the webview url with piesocket's demo url and see if that works.

[kartikarora]

Interesting to find that https://www.piesocket.com/websocket-tester in the webview works and I am able to see the messages in Proxyman

[NghiaTranUIT]

Maybe the bug is from WSS with STOMP protocol. I'm trying to find any STOMP WS online, so I can test it 👍

[kartikarora]

@NghiaTranUIT The same server is interceptible on Charles though. I'd rather use Proxyman, to be honest. I can't find any stomp servers online, I'll try and make one over the weekend.