Comments (8)
Hi there. No, HTTP CONNECT is definitely supported - in fact, it's the way that we do the SSL interception. First, please fire up the event log (e shortcut key from the flow list), and make sure that there is in fact a network connection from the client so show that the request is definitely going through mitmproxy. Second, could you please give me some more info. Does the connection succeed, or does it fail? What does the client see when the connection is attempted? Do you have a way to trigger the behaviour reproducibly?
Cheers,
Aldo
from mitmproxy.
Aldo, thanks for the response! I do see the requests fail in the error log:
-> error: Reading request: [Errno 6] _ssl.c:499: TLS/SSL connection has been closed
If you have an iOS 6 device you can duplicate the issue by loading up the app store and clicking updates. Mitmproxy works great on iOS 5 app store but not iOS 6. The SSL handshake now fails for some odd reason. I have only noticed this issue with iOS 6, all other requests (from other sources) work fine.
Not sure if this is an Mitmproxy bug or new iOS 6 SSL security measures?
Again, thanks for your help!
- Pat
from mitmproxy.
Hi Pat. This is interesting. I'll take a look at this first-hand soon, but the behaviour you describe is very characteristic of certificate pinning. It may well be that Apple is now pinning the certs for app store updates, which would be a significant policy shift. I'll keep this bug open for now, and report back once I've had time to check it out.
from mitmproxy.
Great! Thanks for your help. I'll update if I notice anything else that may be of help.
from mitmproxy.
Support for proper CONNECT instead of SSL interception (if possible, even filtered by IP) would be great; it would allow:
- Compare "real" behavior to behavior with active SSL interception (useful while installing the certificates)
- Intercepting just one specific target address (say, the one of the application I'm analyzing) while not interrupting the rest of the target system
- Using mitmproxy as a regular proxy to analyze HTTP traffic, while ignoring (but not disturbing) HTTPS traffic
from mitmproxy.
I also have problems accessing the App Store with mitmproxy with the same error as @patjack using iOS 6.0.2. I am unable to access any of the stores on my device either. I also get it on iBooks and iTunes store but haven't been able to replicate it in any other Apple app.
I suspect that @cortesi is right and Apple is pinning certs for accessing the App Store.
from mitmproxy.
I've now confirmed this. Apple is indeed pinning certs for the app store. Sorry folks.
from mitmproxy.
Forgot to mention that this also applies to iBooks page read syncing. I was hoping to reverse engineer this if it was going to be simple but it doesn't look like it.
from mitmproxy.
Related Issues (20)
- linux/amd64 does not match the detected host platform (linux/arm/v7)
- Listen on a unix socket in reverse-proxy mode
- 【10.4.2】 wireguard mode dns Error HOT 13
- When downloading large files, the CPU is fully occupied, resulting in slow download speed HOT 1
- Download large file with CPU full HOT 1
- Downloading a large file causes the memory to be fully occupied HOT 1
- Client & mitmproxy cannot agree on a TLS version to use no matter how tls_version_client_min is updated
- mitmdump no longer shows failed CONNECT for nonexisting domain HOT 2
- DNS Resolver: Add `getaddrinfo` fallback
- ssl_verify_upstream_trusted_ca replaces default certificates HOT 1
- from Crypto.Cipher import AES ModuleNotFoundError: No module named 'Crypto'. HOT 1
- tcp-simple.py example still working? How to intercept raw TCP traffic HOT 1
- ImportError related to the cryptography library HOT 1
- HTTP3 reverse proxy: Handshake fails when accessing using IP via firefox HOT 2
- QUIC layer does not handle `StopSendingReceived` event
- DNS Tests are extremely slow on some platforms
- HTTP3 over local mode: Unable to access certain websites using firefox via HTTP3 HOT 3
- Endless loop when processing very large tnetstring HOT 1
- Cannot change server.via on open connection
- http_version return HTTP/2 as HTTP/2.0 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mitmproxy.