search

ProxymanApp / proxyman-windows-linux

Public tracker for Proxyman Windows/Linux
https://proxyman.io/
MIT License
102 stars 4 forks source link

Proxyman cannot handle HTTPS traffic whose CONNECT request HOST is IP instead of server name. #288

Open cesaryuan opened 1 year ago

cesaryuan commented 1 year ago

Description

Hi, thanks for you excellant product!

I'm trying to capture traffic from Android application. Here is my procedures:

  1. Root the android device
  2. install the proxyman cert to system CA
  3. install Proxydroid app to phone
  4. set Proxydroid to transfer the traffic to [ProxymanIp]:9090
  5. open android chrome and then check capture on Proxyman

image

We can see that all HTTPS capture cannot get domain but only ip. It causes that proxyman cannot capture HTTPS correctly.

However, other alternative proxy software on Windows such as Fiddler Classic and Mitmproxy can handle this correctly (Fiddler need additional settings). As far as I know, they obtain the server name indicator from the client's TLS handshake instead of using the HOST field from the CONNECT. (Reference https://groups.google.com/g/httpfiddler/c/hvsDR14j1Lg/m/P02zBzIYCE4J)

It seems there is an similar issue. But I'm not sure. Proxyman does not use SNI when generating certificates for use with SSL Proxying · Issue #1581 · ProxymanApp/Proxyman

Therefore, it will be wonderful if you can fix this issue.

Steps to Reproduce

  1. Root the android device
  2. install the Proxyman cert to android system CA
  3. install Proxydroid app to phone
  4. set Proxydroid to transfer the traffic to <Proxyman's IP>:9090
  5. open android chrome and then check capture on Proxyman

Current Behavior

image

Expected Behavior

image

Environment

NghiaTranUIT commented 1 year ago

Thanks @cesaryuan for the detailed feedback. Our team is going to fix it asap 👍

NghiaTranUIT commented 1 year ago

@cesaryuan I've confirmed that we can reproduce the bug with Android Emulator too. Gonna fix it now.

cesaryuan commented 1 year ago

@cesaryuan I've confirmed that we can reproduce the bug with Android Emulator too. Gonna fix it now.

Thank you for your quick response! 😘

NghiaTranUIT commented 1 year ago

@cesaryuan can you try to Disable the Private DNS in Android Settings -> Network & internet -> Advanced -> Private DNS

From what I know, it can fix the bug.

Ref: https://stackoverflow.com/questions/68819088/fiddler-ip-address-being-captured-instead-of-url-from-android-emulator

cesaryuan commented 1 year ago

@cesaryuan can you try to Disable the Private DNS in Android Settings -> Network & internet -> Advanced -> Private DNS

From what I know, it can fix the bug.

Ref: https://stackoverflow.com/questions/68819088/fiddler-ip-address-being-captured-instead-of-url-from-android-emulator

Thanks! I checked that this option has been disabled already. image

cesaryuan commented 1 year ago

Hi, is there any progress on it?

kics223w1 commented 1 year ago

Hi, this bug will continue to be fixed after we finish updating new UI for Proxyman Windows. For now, I haven't found a solution or workaround for this.

cesaryuan commented 3 months ago

Hi, is there any progress on it?

NghiaTranUIT commented 3 months ago

@kics223w1 can you share the progress? I guess we should try to reproduce this issue again on the latest build. Maybe it's already fixed

kics223w1 commented 3 months ago

I think so, I'll reproduce this issue on version 2.15.0 and if it's not fixed, I'll fix this 👍🏻

kics223w1 commented 3 months ago

Hi @cesaryuan , this issue is fixed on version 2.15.0

cesaryuan commented 3 months ago

this issue is fixed on version 2.15.0

Hello, I tried it on my own computer and found that there is still a problem

kics223w1 commented 3 months ago

@cesaryuan Can you walk me through how you reproduce this? I used the reproduced steps in the pull request and I can see the hostname perfectly