HTTP CONNECT method (for ssl) not supported? about mitmproxy HOT 8 CLOSED

Hi there. No, HTTP CONNECT is definitely supported - in fact, it's the way that we do the SSL interception. First, please fire up the event log (e shortcut key from the flow list), and make sure that there is in fact a network connection from the client so show that the request is definitely going through mitmproxy. Second, could you please give me some more info. Does the connection succeed, or does it fail? What does the client see when the connection is attempted? Do you have a way to trigger the behaviour reproducibly?

Cheers,

Aldo

from mitmproxy.

Aldo, thanks for the response! I do see the requests fail in the error log:

-> error: Reading request: [Errno 6] _ssl.c:499:  TLS/SSL connection has been closed

If you have an iOS 6 device you can duplicate the issue by loading up the app store and clicking updates. Mitmproxy works great on iOS 5 app store but not iOS 6. The SSL handshake now fails for some odd reason. I have only noticed this issue with iOS 6, all other requests (from other sources) work fine.

Not sure if this is an Mitmproxy bug or new iOS 6 SSL security measures?

Again, thanks for your help!

• Pat

from mitmproxy.

Hi Pat. This is interesting. I'll take a look at this first-hand soon, but the behaviour you describe is very characteristic of certificate pinning. It may well be that Apple is now pinning the certs for app store updates, which would be a significant policy shift. I'll keep this bug open for now, and report back once I've had time to check it out.

from mitmproxy.

Great! Thanks for your help. I'll update if I notice anything else that may be of help.

from mitmproxy.

Support for proper CONNECT instead of SSL interception (if possible, even filtered by IP) would be great; it would allow:

• Compare "real" behavior to behavior with active SSL interception (useful while installing the certificates)
• Intercepting just one specific target address (say, the one of the application I'm analyzing) while not interrupting the rest of the target system
• Using mitmproxy as a regular proxy to analyze HTTP traffic, while ignoring (but not disturbing) HTTPS traffic

from mitmproxy.

I also have problems accessing the App Store with mitmproxy with the same error as @patjack using iOS 6.0.2. I am unable to access any of the stores on my device either. I also get it on iBooks and iTunes store but haven't been able to replicate it in any other Apple app.

I suspect that @cortesi is right and Apple is pinning certs for accessing the App Store.

from mitmproxy.

I've now confirmed this. Apple is indeed pinning certs for the app store. Sorry folks.

from mitmproxy.

Forgot to mention that this also applies to iBooks page read syncing. I was hoping to reverse engineer this if it was going to be simple but it doesn't look like it.

from mitmproxy.