Open petrovickristina opened 5 months ago
@petrovickristina May I ask: have you finished step 5 in these docs: https://docs.proxyman.io/debug-devices/android-device
Newer Android APIs don't accept any user certificate until we configure it in these files. Otherwise, you will get an SSL error when intercepting HTTPS from your Android app.
Hi @NghiaTranUIT Thanks a lot, adding that additional piece of code helped with the internal errors, but now I can't see all traffic. I can only see calls for one domain. Do you maybe have another proposal for what I should try for that issue?
So it works.
To see all HTTPS traffic, it depends on what network library you're using?
@petrovickristina It seems Retrofit doesn't accept Proxyman's self-signed certificate, even though it's trusted in the Android system.
You have to add some config to tell Retrofit to accept it. Here is a code sample: https://futurestud.io/tutorials/retrofit-2-how-to-trust-unsafe-ssl-certificates-self-signed-expired
or
https://gist.github.com/demixdn/3886de5a71dc2812c8f4d27a248a506b
Hi @NghiaTranUIT, I will also jump in since we are both on the same project :)
I have noticed that we have a problem communicating with Firebase Firestore when we turn on Proxyman. We are receiving this message:
Stream closed with status: Status{code=UNAVAILABLE, description=null, cause=java.lang.RuntimeException: TLS ALPN negotiation failed with protocols: [h2]
We have tried all the suggestions mentioned above, but nothing helps. Do you have any additional suggestions?
I suggest not using SSL Proxying on the Firebase domains, to make it work.
Firebase only supports HTTP/2 (h2), which Proxyman doesn't support (only HTTP/1.1).
@VidojeMuric You can open the Tool menu -> SSL Proxying List -> remove the Firebase domains.
By doing it, Proxyman just proxies these data without intercepting it.
Hi @NghiaTranUIT, thanks for the quick reply and help! In the SSL Proxying List we didn't have Firebase domains, only the domains of our app. And the error is the same:
[WatchStream]: (7208c20) Stream closed with status: Status{code=UNAVAILABLE, description=null, cause=java.lang.RuntimeException: TLS ALPN negotiation failed with protocols: [h2] at io.grpc.okhttp.OkHttpProtocolNegotiator.negotiate
Hi @NghiaTranUIT, I'm experiencing the same issue.
We've added both XML files with the exception of <certificates src="user" /> in <base-config cleartextTrafficPermitted="true">
This is also React Native with OkHttp as the network lib.
All certificates should be correct, but when I'm using the proxy with Android I keep getting:
From what I googled, OkHttp doesn't use the certificates in your Android system. You have to accept it manually. Here is a tutorial on how to accept a self-signed certificate: https://www.baeldung.com/okhttp-self-signed-cert
If it's okay, then, Proxyman can decrypt your HTTPS data.
Sample Code: https://gist.github.com/rybalkinsd/940a35ccefb9849c887ccf32d3be744b
@NghiaTranUIT Why is there a <debug-overrides> in the network config when the types of certificates trusted (user & system) in the <base-config> are exactly the same?
Shouldn't the <base-config> exclude user certificates by default for security reasons?
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </debug-overrides>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" /> <!-- shouldn't this be removed? !-->
        </trust-anchors>
    </base-config>
</network-security-config>
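An added example, not part of the thread and not Proxyman's code: a small Python check that lists which settings in a network_security_config.xml reach release builds. `<debug-overrides>` takes effect only when the app is built with android:debuggable="true", whereas `<base-config>` and `<domain-config>` apply to every build. The function name and both sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: same structure as the config quoted in the thread.
THREAD_CONFIG = """
<network-security-config>
  <debug-overrides>
    <trust-anchors>
      <certificates src="user" />
      <certificates src="system" />
    </trust-anchors>
  </debug-overrides>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
</network-security-config>
"""

# Constructed sample: user CAs (e.g. a proxy's root) trusted in debug builds only.
DEBUG_ONLY_CONFIG = """
<network-security-config>
  <debug-overrides>
    <trust-anchors>
      <certificates src="user" />
    </trust-anchors>
  </debug-overrides>
</network-security-config>
"""

def audit_release_scope(xml_text):
    """List settings that weaken TLS in every build, not just debuggable ones."""
    findings = []
    for scope in ET.fromstring(xml_text.strip()).iter():
        # debug-overrides is skipped: it is ignored unless the app is debuggable.
        if scope.tag not in ("base-config", "domain-config"):
            continue
        if scope.get("cleartextTrafficPermitted") == "true":
            findings.append(f"{scope.tag}: cleartext traffic permitted")
        for cert in scope.findall("trust-anchors/certificates"):
            if cert.get("src") == "user":
                findings.append(f"{scope.tag}: user-installed CAs trusted")
    return findings

if __name__ == "__main__":
    for name, cfg in (("thread", THREAD_CONFIG), ("debug-only", DEBUG_ONLY_CONFIG)):
        print(name, audit_release_scope(cfg) or "no release-build findings")
```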
Description
I've installed certificates both on MacBook and Android device, and I've turned Web proxy (HTTP) and Secure web proxy (HTTPS) ON.
Can somebody help me with resolving this issue? I don't know what else I should try.
I think that I've read everything that is on the internet until now :D Thanks in advance!