Closed Baltazar500 closed 2 years ago
The HTTPS connection fails
I do not know what BoringSSL does there
You could try to record the connection with pcap/wireshark. Or try OpenSSL
I do not know what BoringSSL does there
I have no idea where it comes from. How to find out the reason?
You could try to record the connection with pcap/wireshark.
Does it help to intercept https ?
Or try OpenSSL
How to do it under android (armv7) ?
There is no problem with xidel-0.9.9.20220131.8335.4e6fcea4d02e on Android 4.2.2/armv7
Linux localhost 3.4.5 #1 SMP PREEMPT Thu Mar 27 16:19:17 CST 2014 armv7l GNU/Linux
and on android 6.0/armv7 i get errors with https
Linux localhost 3.18.19+ #2 SMP PREEMPT Thu Sep 7 17:51:43 CST 2017 armv7l GNU/Linux
Maybe the strace log will help ? strace # xidel-0.9.9.20220131.8335.4e6fcea4d02e.txt
Does it help to intercept https ?
It shows which TLS version and ciphers are used.
How to do it under android (armv7) ?
I do not know. Perhaps get a libcrypto.so and libssl.so from OpenSSL and set LD_LIBRARY_PATH to their path.
Actually perhaps that is how it is supposed to be done. Now I have looked up the BoringSSL documentation and it says "BoringSSL does not have a stable API or ABI. ... Android's system-internal copy of BoringSSL is not exposed by the NDK and must not be used by third-party applications."
Android 4.2.2/armv7
Perhaps that still had OpenSSL
Maybe the strace log will help ? strace # xidel-0.9.9.20220131.8335.4e6fcea4d02e.txt
That looks like the problem. :
write(3, "\26\3\1\0\235\1\0\0\231\3\3\7\5qA\321\335\272\222P\373l\261\264\215C^\233{\"x\220"..., 162) = 162 read(3, 0xb85a880b, 5) = -1 ECONNRESET (Connection reset by peer)
The server does not answer anything. Perhaps it does not like the initial request. But you need to use strace -x --write=3 --read=3
to show the entire request rather than truncating. Or wireshark, which could also tell us what the request means (I tried to decode some of it. \26=content type, \3\1 = at least TLS1.0, \0\235=length, \1=CLientHello, \0\0\231=length,\3\3=at most TLS1.2,... ).
@benibela
It shows which TLS version and ciphers are used.
I used tcpdump on the device to capture data, but there was nothing in the "Protocol" field, as well as in the "SSL" frames themselves.
Or is it necessary to intercept through wireshark ? It's a little more difficult, but I can do it.
I do not know. Perhaps get a libcrypto.so and libssl.so from OpenSSL and set LD_LIBRARY_PATH to their path.
I did not find the new OpenSSL libraries libcrypto.so and libssl.so for andoid armv7 (where can I get them?) and I used libraries from an old smartphone with 4.2.2 and it worked, but xidel gave some errors :
WARNING: linker: /data/tools/openssllib/libcrypto.so has text relocations. This is wasting memory and prevents security hardening. Please fix.
WARNING: linker: /data/tools/openssllib/libssl.so has text relocations. This is wasting memory and prevents security hardening. Please fix.
The server does not answer anything. Perhaps it does not like the initial request. But you need to use strace -x --write=3 --read=3 to show the entire request rather than truncating.
I'm not sure if I have the full version of strace, but it seems that there were no errors with these switches and the full log was saved strace # xidel-0.9.9.20220131.8335.4e6fcea4d02e # full.txt
p.s. Through a proxy (BURP) on the desktop, android armv7 xidel requests went without libs and errors :|
The SNI record is missing
Looks like they changed something. I have uploaded a new version with a fix (https://github.com/benibela/internettools/commit/c353c5ca6fb7940efd6aa42c818fe7858c8b5336) (untested)
Looks like they changed something. I have uploaded a new version with a fix
Fix in revision xidel-0.9.9.20220424.8389.2d2ee7befb8a.androidarm works :) Google and other "problem" sites give data without BoringSSL errors. Thanks.
I get an error on androidarm revision
even when using the "--no-check-certificate" key
but not everywhere
What is the problem ?