search

ProxymanApp / Proxyman

Modern. Native. Delightful Web Debugging Proxy for macOS, iOS, and Android ⚡️
https://proxyman.io
5.53k stars 183 forks source link

SSL Handshake Failed & enable all SSL requests for remote devices #672

Open rainb3rry opened 3 years ago

rainb3rry commented 3 years ago

Proxyman version? 2.10.0

macOS Version? 10.15.6

Steps to reproduce

I'm trying intercept https requests coming from my NoxPlayer android emulator, activated and truested ssl certificates on mac and emulator, added the proxy options to emulator.

I can see requests on Remote devices tab in Proxyman app, but i got SSL Handshake Failed error even though certificates installed on devices. The error:

handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268436498 error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE]))

Expected behavior

I just want to see and intercept all requests from my emulator smoothly.

BTW, is there any option to enable all ssl responses for emulator like in apps, I can see only Enable only this domain button, i would like to enable all domains for my emulator too. image

NghiaTranUIT commented 3 years ago

Hi @rainb3rry,

It's the first time I hear "NoxPlayer android emulator". Maybe it requires extra steps to make it works.

Can you try Android Emulator from Android Studio? If you use it, you can run our built-in script (https://docs.proxyman.io/debug-devices/android-device/automatic-script-for-android-emulator) to do all tasks automatically (includes HTTP Proxy, Install, and Trust certificates).

Btw, can you share with us what Android version are you using? Because if it's Android 11+, you have to manually trust the Certificate in the system. Read more at: https://docs.proxyman.io/troubleshooting/my-ios-devices-couldnt-connect-to-proxyman-via-proxy#2-install-and-trust-proxyman-ca-for-android-with-api-30

Regarding the Enable from app in Android Emulator, it's technically impossible since we don't know where the traffic from if it's from the physical or emulator. It's possible on macOS because we can access to iptable.

NghiaTranUIT commented 3 years ago

There is one more scenario that your config in your project yet:

Please check out the Step 4 at https://docs.proxyman.io/debug-devices/android-device#android-setup-guide

rainb3rry commented 3 years ago

Hey @NghiaTranUIT thanks for quick response.

My android version is 7.1.2 and I want to say I'm not working on my own android app I'm trying to intercept some apps traffic like instagram and https websites on android browser but i cannot see the requests and responses smoothly on the Proxyman app.

I see CONNECT text on method column in requests row on remote device tab, i would like to see POST or GET requests instead of CONNECT and this requests have 999 error code.

I'm getting same issue likewise when I try to connect https://google.com (I enabled ssl for that domain) on android browser, image

I can see post and get requests for mac apps perfectly but i cannot see for 192.168.2.112 remote device (Noxplayer emulator).

Btw, i see my mac name on certificate that installed android side, is that okay? image

NghiaTranUIT commented 3 years ago

So, if you're trying to intercept other apps (not the one you're own) from Android. It's impossible unfortunately (even though it's possible in iOS)

Because Android requires configurations in network_security_config.xml and AndroidManifest.xml in order to intercept the HTTPS Traffic.

Therefore, you see SSL Error. It's correct behavior

rainb3rry commented 3 years ago

Hmm, so i cannot intercept even in browser actions (ssl websites) on android? It's was doing that on Burp Suite. So, can I do that and ios apps on external IOS device?

Thanks.

rainb3rry commented 3 years ago

I tried on IOS now and it's worked on safari browser for ssl websites but I'm getting same error on instagram app, that's because of some development settings of the instagram app? If so, how they intercept a mobile app API structure and write an unofficial API based the mobile app API (like https://github.com/dilame/instagram-private-api)

Edit: I tried on another app and it's worked beautifully, digressive but how can I see instagram app API do you know 😂 like above repository.

Thanks for your help.

NghiaTranUIT commented 3 years ago

Yay, famous iOS apps are already used SSL Pinning techniques to prevent man-in-the-middle app like Proxyman or Charles to intercept their https traffic. Therefore you couldn’t intercept it unless you are Instagram developers who have the company certificates.

You can by pass it by using a jailbreak iOS device or rooted Android device to force the app to trust Proxyman certificate. Thus, you can get HTTPs traffic 😁