zu1k / Good-MITM

Rule-based MITM engine. Rewriting, redirecting and rejecting on HTTP(S) requests and responses, supports JavaScript rule.
https://good-mitm.zu1k.com
MIT License
801 stars 102 forks

Failed to establish TLS connection with client #46

Closed piokto closed 2 years ago

piokto commented 2 years ago
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T08:44:24Z INFO  g
zu1k commented 2 years ago

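Failed to establish a TLS connection with the client, most likely because the client does not trust the certificate.

  1. Check whether the operating system or browser trusts the Good-MITM certificate
  2. Check whether SSL pinning is in place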
piokto commented 2 years ago

HTTP cannot be accessed when interception is in use

zu1k commented 2 years ago

HTTP cannot be accessed when interception is in use

Please provide more detailed information

piokto commented 2 years ago

When intercepting with the certificate on the server, http links cannot be accessed, while https links can be accessed. The log is as follows:

[2022-09-21T09:08:47Z INFO good_mitm] CA Private key use: ca/private.key
[2022-09-21T09:08:47Z INFO good_mitm] CA Certificate use: ca/cert.crt
[2022-09-21T09:08:47Z INFO good_mitm] Http Proxy listen on: http://127.0.0.1:34567
[2022-09-21T09:10:11Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:10:16Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
[2022-09-21T09:28:14Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:28:20Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:29:16Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:29:16Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:40:48Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:40:48Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:47:17Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:47:17Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:47:25Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30

zu1k commented 2 years ago

Please attach your rule file, and post the logs in source-code format

piokto commented 2 years ago
- name: "reject CSDN"
  filter:
   -  domain-keyword: 'csdn'
   -  domain-keyword: 'hao123'
   -  domain-keyword: 'cctv'
  action:
       redirect: "https://baidu.com"
- name: "reject youtube.com"
  filter:
   -  domain-keyword: 'youtube'
  action:
       redirect: "http://xxx.xxx.xxx.xxx"

The rules are roughly like this. Where can I view the log file?

zu1k commented 2 years ago

Cannot reproduce; testing shows no problems. Please check on your own.
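
Added example (not part of the thread and not Good-MITM's own code): a small log triage that groups the handshake panics quoted above by the rustls error they carry, which separates the "client does not trust the certificate" case from the other two. The `Cause` labels, function names, and the reading of each error are this example's assumptions; the sample lines are constructed in the format of the logs in this thread.

```rust
use std::collections::BTreeMap;

// Likely cause per error text; the notes are this example's interpretation.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Cause {
    ClientRejectedCert, // fatal alert certificate_unknown: CA not trusted, or pinning
    ClientHungUp,       // EOF mid-handshake: client closed without sending an alert
    NotTls,             // received bytes were not a valid TLS message
    Other,
}

const MARKER: &str = "Failed to establish TLS connection with client: ";

/// Classify one log line; returns None if it is not a handshake-failure panic.
fn classify(line: &str) -> Option<Cause> {
    let detail = &line[line.find(MARKER)? + MARKER.len()..];
    // detail looks like: Custom { kind: <Kind>, error: <Error> }', <path>
    let error = detail.split("error: ").nth(1)?.split(" }").next()?.trim();
    Some(match error {
        "AlertReceived(CertificateUnknown)" => Cause::ClientRejectedCert,
        "\"tls handshake eof\"" => Cause::ClientHungUp,
        "CorruptMessage" => Cause::NotTls,
        _ => Cause::Other,
    })
}

/// Count causes over a whole log; non-panic lines are ignored.
fn summarize(log: &str) -> BTreeMap<Cause, usize> {
    let mut counts = BTreeMap::new();
    for cause in log.lines().filter_map(classify) {
        *counts.entry(cause).or_insert(0) += 1;
    }
    counts
}

// Constructed sample in the format of the logs posted in this thread.
const SAMPLE: &str = r#"[2022-09-21T09:10:11Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:28:14Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30"#;

fn main() {
    for (cause, n) in summarize(SAMPLE) {
        println!("{n:>3}  {cause:?}");
    }
}
```

A majority of `ClientRejectedCert` points at the trust-store and pinning checks listed in the first reply; `NotTls` entries suggest looking at what the client actually sent on that connection.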