mhils / HoneyProxy

This project is now part of @mitmproxy.
https://github.com/mitmproxy/mitmproxy/
MIT License

How to config SSL on Windows and android #68

Closed frank-fan closed 11 years ago

frank-fan commented 11 years ago

I want to run HoneyProxy on Windows and proxy all the HTTPS requests from Android.

HoneyProxy tells me that if you want to proxy HTTPS, you should follow the steps on the page http://mitmproxy.org/doc/ssl.html. I know it's about configuring certificate files. Luckily, I found a page, http://mitmproxy.org/doc/certinstall/android.html, on mitmproxy which introduces how to configure the certificate on Android. As HoneyProxy is based on mitmproxy, I thought it might work. So I followed this instruction step by step.

In the quick start of HoneyProxy,

All certificates are stored in the "~/.mitmproxy" directory in your user folder

I did find all the certificate files in my user folder, which is C:\Documents and Settings....mitmproxy, like mitmproxy-ca-cert.cer, mitmproxy-ca-cert.p12, mitmproxy-ca-cert.pem, mitmproxy-ca.pem.

I googled about certificates: the .cer file is the certificate, and the .pem is the private key, which is used on the server side.

I imported all the (so-called) certificate files into the /sdcard/Download folder and installed them following the instructions on the page http://mitmproxy.org/doc/certinstall/android.html.

Then I installed the ProxyDroid app on my Android device and configured it.

After starting HoneyProxy on Windows, I tried to open a URL like https://github.com in the browser on my Android device, and it doesn't work. The browser keeps saying untrusted certificate ...

Actually, I even checked the mitmproxy-ca-cert.cer and the so-called untrusted certificate: they have different creation dates, which means the certificate used on the HoneyProxy side doesn't match the certificate I just installed on my Android device, I think.

Is the mitmproxy-ca-cert.cer in the ~/.mitmproxy folder not the one used by HoneyProxy? I tried deleting all the certificates in the ~/.mitmproxy folder and restarting HoneyProxy, and they were recreated.

I was confused. Is there someone who could help me with this? Thanks.

mhils commented 11 years ago

Hey,

thanks for your feedback. The certificate stored in "~/.mitmproxy" is indeed the correct one. What Android device/version/browser are you using? To me it looks like you are installing a different certificate on your phone (which cert name does it suggest?). Please double-check that there are no other certificate files present on your sdcard.

Thanks, Max

frank-fan commented 11 years ago

Thanks for your help.

At last, I found a way to solve this problem.

Run HoneyProxy with the command:

python honeyproxy.py --cert mitmproxy-ca.pem

mitmproxy-ca.pem is copied from the ~/.mitmproxy folder. This makes sure the certificate on the server side and on my Android device is the same one.

Anyway, I found that HoneyProxy can't catch (SSL) packets from my Android device. In the browser, it keeps saying certificate mismatch. I googled this certificate thing and concluded:

For an HTTPS web request, every domain has a different certificate. This certificate should be certified by a root certificate authority like the DigiCert root certificates or the GlobalSign root certificates.

But here, for HoneyProxy, only one certificate is created and it is only signed for mitmproxy. Obviously, the browser on my Android device will say certificate mismatch when opening a different URL like "https://github.com".

So we must create a different certificate for each different domain.

But here is the problem: how could you make your Android device trust the certificates you created for different domains?

Yes, there is a way. I was inspired by goagent, a great tool for Chinese users. Just create a root certificate authority.

  1. Put mitmproxy-ca-cert.cer as the root certificate on my Android device at /system/etc/security/cacerts and reboot. Android considers the *.cer files in this folder to be trustable.
  2. Create a different certificate for each different domain.

Step 1 is easy to complete. But step 2 needs changes to the mitmproxy code.

@mhils Is this the right way?

PS: goagent: https://code.google.com/p/goagent/source/browse/local/proxy.py

mhils commented 11 years ago

Hey,

  1. HoneyProxy (as well as mitmproxy) uses the certificate at ~/.mitmproxy/ automatically. There is no need to specify that explicitly.
  2. HoneyProxy generates SSL interception certs for different domains on the fly, signed by the root certificate in ~/.mitmproxy/. You don't need to generate certificates by hand. Just make sure that the (already generated) root certificate is installed correctly.

Installing a trusted root certificate on Android is not a trivial task. Check out http://stackoverflow.com/questions/4461360/how-to-install-trusted-ca-certificate-on-android-device or google for "android install trusted root certificate".

Cheers, Max
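
A way to check the two things the replies above hinge on, as an added example that is not part of the original thread or of HoneyProxy: whether the CA file on the device is the same certificate the proxy uses, and whether the certificate the browser is shown is signed by that CA. The CA, the "stale" CA (same name, new key, as after deleting and recreating the CA files) and the github.com leaf are constructed stand-ins built with the openssl CLI, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: the demo PKI and all file names below are constructed.

# SHA-256 fingerprint of a PEM certificate.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# same_cert A B: true when both files hold the same certificate.
same_cert() {
    [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]
}

# issued_by CA LEAF: true when LEAF's signature chains to CA.
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA, a "stale" CA with the same name but a new key,
# and a leaf for github.com signed by the first CA.
make_demo_pki() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo proxy CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    for ca in ca stale-ca; do
        openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
            -days 30 -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
    done
    openssl req -new -config "$d/ca.cnf" -subj "/CN=github.com" \
        -newkey rsa:2048 -nodes -keyout "$d/leaf.key" \
        -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 7 -out "$d/leaf.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    issued_by "$d/ca.pem" "$d/leaf.pem" && echo "leaf chains to current CA"
    issued_by "$d/stale-ca.pem" "$d/leaf.pem" || echo "leaf rejected by stale CA"
    same_cert "$d/ca.pem" "$d/stale-ca.pem" || echo "device copy differs from proxy CA"
    rm -rf "$d"
}
demo
```

On a real setup the first argument would be the CA certificate from ~/.mitmproxy and the second a certificate exported from the device or browser.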

frank-fan commented 11 years ago

Mm, looks like I misunderstood mitmproxy. I will try again later.

Thanks!