monkeyWie / proxyee

HTTP proxy server, support HTTPS & websocket. MITM impl, intercept and tamper HTTPS traffic.
MIT License
1.5k stars 566 forks

Certificate error, io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Read error: #277

Open gitcfly opened 1 year ago

gitcfly commented 1 year ago

The code I am using is as follows:

    public void startProxyServer() {
        HttpProxyServerConfig config = new HttpProxyServerConfig();
        config.setHandleSsl(true); // enable HTTPS interception
        HttpProxyCACertFactory caCertFactory = new HttpProxyCACertFactory() {
            @Override
            public X509Certificate getCACert() throws Exception {
                // CA certificate bundled in the app's assets
                X509Certificate certf = CertUtil.loadCert(getResources().getAssets().open("ca.crt"));
                return certf;
            }

            @Override
            public PrivateKey getCAPriKey() throws Exception {
                // CA private key (DER) bundled in the app's assets
                PrivateKey caPriKey = CertUtil.loadPriKey(getResources().getAssets().open("ca_private.der"));
                return caPriKey;
            }
        };
        HttpProxyInterceptInitializer httpIntercept = new HttpRspProxyIntercept(caCertFactory);
        proxyServer = new HttpProxyServer()
                .serverConfig(config)
                .caCertFactory(caCertFactory)
                .proxyInterceptInitializer(httpIntercept);
        proxyServer.startAsync(62222);
    }

The error log is below. Could you please take a look at what the problem is?

    W/System.err: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007ae30e4ac8: Failure in SSL library, usually a protocol error
    W/System.err: error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN (external/boringssl/src/ssl/tls_record.cc:587 0xb400007a949032c8:0x00000001)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    W/System.err:     at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    W/System.err:     at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    W/System.err:     at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
    W/System.err:     at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
    W/System.err:     at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
    W/System.err:     at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
    W/System.err:     at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
    W/System.err:     at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    W/System.err:     at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    W/System.err:     at java.lang.Thread.run(Thread.java:923)
    W/System.err: Caused by: javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007ae30e4ac8: Failure in SSL library, usually a protocol error
    W/System.err: error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN (external/boringssl/src/ssl/tls_record.cc:587 0xb400007a949032c8:0x00000001)
    W/System.err:     at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:362)
    W/System.err:     at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
    W/System.err:     at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:919)
    W/System.err:     at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
    W/System.err:     at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
    W/System.err:     at com.android.org.conscrypt.Java8EngineWrapper.unwrap(Java8EngineWrapper.java:237)
    W/System.err:     at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:296)
    W/System.err:     at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1343)
    W/System.err:     at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1236)
    W/System.err:     at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1285)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
    W/System.err:     ... 17 more
    W/System.err: Caused by: javax.net.ssl.SSLProtocolException: Read error: ssl=0xb400007ae30e4ac8: Failure in SSL library, usually a protocol error
    W/System.err: error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN (external/boringssl/src/ssl/tls_record.cc:587 0xb400007a949032c8:0x00000001)
    W/System.err:     at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
    W/System.err:     at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:568)
    W/System.err:     at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
    W/System.err:     at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataHeap(ConscryptEngine.java:1115)
    W/System.err:     at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1087)
    W/System.err:     at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
    W/System.err:     ... 26 more
    W/System: A resource failed to call close.
    W/System: A resource failed to call close.
    W/System.err: java.lang.NoClassDefFoundError: Failed resolution of: Lcom/jcraft/jzlib/Inflater;
    W/System.err:     at io.netty.handler.codec.compression.JZlibDecoder.(JZlibDecoder.java:29)
    W/System.err:     at io.netty.handler.codec.compression.JZlibDecoder.(JZlibDecoder.java:62)
    W/System.err:     at io.netty.handler.codec.compression.ZlibCodecFactory.newZlibDecoder(ZlibCodecFactory.java:122)
    W/System.err:     at io.netty.handler.codec.http.HttpContentDecompressor.newContentDecoder(HttpContentDecompressor.java:61)
    W/System.err:     at io.netty.handler.codec.http.HttpContentDecoder.decode(HttpContentDecoder.java:100)
    W/System.err:     at io.netty.handler.codec.http.HttpContentDecoder.decode(HttpContentDecoder.java:47)
    W/System.err:     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:88)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    W/System.err:     at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:324)
    W/System.err:     at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:324)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    W/System.err:     at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    W/System.err:     at com.github.monkeywie.proxyee.intercept.common.FullResponseIntercept.afterResponse(FullResponseIntercept.java:60)
    W/System.err:     at com.github.monkeywie.proxyee.intercept.HttpProxyInterceptPipeline.afterResponse(HttpProxyInterceptPipeline.java:100)
    W/System.err:     at com.github.monkeywie.proxyee.handler.HttpProxyClientHandler.channelRead(HttpProxyClientHandler.java:37)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    W/System.err:     at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:436)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:333)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:454)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    W/System.err:     at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:251)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    W/System.err:     at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1373)
    W/System.err:     at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1236)
    W/System.err:     at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1285)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
    W/System.err:     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    W/System.err:     at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    W/System.err:     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    W/System.err:     at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    W/System.err:     at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    W/System.err:     at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
    W/System.err:     at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
    W/System.err:     at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
    W/System.err:     at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
    W/System.err:     at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
    W/System.err:     at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    W/System.err:     at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    W/System.err:     at java.lang.Thread.run(Thread.java:923)
    W/System.err: Caused by: java.lang.ClassNotFoundException: Didn't find class "com.jcraft.jzlib.Inflater" on path: DexPathList[[dex file "/data/data/com.ckj.demox/code_cache/.overlay/base.apk/classes4.dex", zip file "/data/app/OuQ-TBEjQg-hvAFacqxO_g==/com.ckj.demox-m6CYK2AWSvefHhU6W7JDzA==/base.apk"],nativeLibraryDirectories=[/data/app/OuQ-TBEjQg-hvAFacqxO_g==/com.ckj.demox-m6CYK2AWSvefHhU6W7JDzA==/lib/arm64, /system/lib64, /system/system_ext/lib64]]
    W/System.err:     at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:207)
    W/System.err:     at java.lang.ClassLoader.loadClass(ClassLoader.java:379)
    W/System.err:     at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
    W/System.err:     ... 61 more

monkeyWie commented 1 year ago

The app you are capturing has probably implemented SSL pinning.

gitcfly commented 1 year ago

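> The app you are capturing has probably implemented SSL pinning.

No, it hasn't. The Android app I am capturing is one I developed myself, a simple Android WebView with no SSL pinning. I run the startProxyServer method from the first comment inside the Android app and then set the proxy in the WebView, and I found that I could not capture traffic for the Baidu home page. From the error it looks like netty has a problem reading the certificate. The certificate I am using is the one from proxyee; I downloaded it from your project and copied it into my app. Could you help take a look at whether this can be solved?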

monkeyWie commented 1 year ago

Is the root certificate installed?

gitcfly commented 1 year ago

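> Is the root certificate installed?

Yes, it is already installed. Under trusted credentials there is the user credential I installed, named ProxyeeRoot.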

monkeyWie commented 1 year ago

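Why don't you first try running the proxy on a computer and see whether it works, to rule out a problem in the underlying Android libraries.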

monkeyWie commented 1 year ago

I just remembered: you may need to generate a root certificate yourself: [image]

gitcfly commented 1 year ago

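> I just remembered: you may need to generate a root certificate yourself: [image]

I previously generated a certificate by following the project README, using exactly the same openssl commands, and got the same error. From what I found online, it may be that netty is incompatible with Android certificates; I don't know the specific cause or the fix.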

monkeyWie commented 1 year ago

Is it only your app's WebView that can't be captured? Is there anything that can be captured normally?

gitcfly commented 1 year ago

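> Is it only your app's WebView that can't be captured? Is there anything that can be captured normally?

Thanks for your reply. I will try running this proxy service on Android and then capture traffic from a desktop browser to see whether it works. I will report back once I have a result.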

gitcfly commented 1 year ago

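> > Is it only your app's WebView that can't be captured? Is there anything that can be captured normally?
>
> Thanks for your reply. I will try running this proxy service on Android and then capture traffic from a desktop browser to see whether it works. I will report back once I have a result.

I tried it. On Android the HTTPS man-in-the-middle proxy indeed does not work properly; no HTTPS requests can be intercepted at all. I also tried it with a desktop browser.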

gitcfly commented 1 year ago

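Also, I see that for many proxy services the certificate material is two files beginning with -----BEGIN PRIVATE KEY----- and -----BEGIN CERTIFICATE-----, but your project has a file, ca_private.der, whose content is garbled. I am not sure whether that is the cause. Could this project support certificates in the following form: -----BEGIN PRIVATE KEY----- -----BEGIN CERTIFICATE----- That way I could swap in a certificate that is known to proxy correctly and try again.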
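On the PEM versus DER question in the last comment, an added example (not part of the thread and not proxyee code): a `-----BEGIN PRIVATE KEY-----` file is the Base64 text form of the same PKCS#8 bytes a binary `.der` key file holds, so either can produce the `PrivateKey` returned from `getCAPriKey()`. It assumes an unencrypted PKCS#8 RSA key; the class and method names are hypothetical, and the key is generated in-process as constructed sample input.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PemKeyDemo { // hypothetical helper, not a proxyee class
    private static final Pattern PEM = Pattern.compile(
            "-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \\1-----", Pattern.DOTALL);

    // PEM -> DER: check the label, then Base64-decode the body.
    static byte[] pemToDer(String pem, String expectedLabel) {
        Matcher m = PEM.matcher(pem);
        if (!m.find()) throw new IllegalArgumentException("no PEM block found");
        if (!m.group(1).equals(expectedLabel)) // e.g. PKCS#1 "RSA PRIVATE KEY"
            throw new IllegalArgumentException("expected " + expectedLabel + ", found " + m.group(1));
        return Base64.getMimeDecoder().decode(m.group(2)); // MIME decoder skips newlines
    }

    // DER -> PEM: Base64 with 64-character lines between BEGIN/END markers.
    static String derToPem(byte[] der, String label) {
        String body = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                .encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----\n";
    }

    // Same parsing path for bytes read from a .der file or decoded from PEM.
    static PrivateKey loadPkcs8Rsa(byte[] der) throws Exception {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] der = gen.generateKeyPair().getPrivate().getEncoded(); // constructed PKCS#8 DER

        String pem = derToPem(der, "PRIVATE KEY");
        byte[] roundTrip = pemToDer(pem, "PRIVATE KEY");
        PrivateKey key = loadPkcs8Rsa(roundTrip);
        System.out.println("PEM body decodes to the same DER bytes: " + Arrays.equals(der, roundTrip));
        System.out.println("parsed key: " + key.getAlgorithm() + " / " + key.getFormat());

        try { // a PKCS#1 label is rejected instead of being fed to the PKCS#8 parser
            pemToDer(derToPem(der, "RSA PRIVATE KEY"), "PRIVATE KEY");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A `-----BEGIN CERTIFICATE-----` file needs no such conversion: `CertificateFactory.getInstance("X.509").generateCertificate(inputStream)` accepts both PEM and DER input. On Android below API 26, `java.util.Base64` is unavailable and `android.util.Base64` takes its place.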