search

ProxymanApp / Proxyman

Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
https://proxyman.io
5.35k stars 177 forks source link

SSL Proxying limit can be bypassed on free version #2011

Open badwulfy opened 2 months ago

badwulfy commented 2 months ago

Description

I use the free version of Proxyman, and I was able to bypass the maximum of 6 rules in SSL Proxying by using a wildcard. Using this method, a user can avoid paying the license. I think it should not be allowed in the free version.

Steps to Reproduce

  1. Go to SSL Proxying List screen
  2. Below "Include List", click on "+" then on "Select App/Domain"
  3. On the bottom of the window "Add favorite app or domain, click on "Select" and then on "Domain..."
  4. Type "*" and press "Add"

Current Behavior

Proxyman can "decode" every SSL requests despite being on free version when using wildcard.

Expected Behavior

Wildcard should probably be forbidden on free version to avoid using bypasses.

Environment

NghiaTranUIT commented 2 months ago

It's my intention, limit the * doesn't work if asking them to pay for the license. They will find other solution to bypass the SSL Proxying List.