TonyStark

Reputation: 379

Cannot establish TLS with client

I have configured an Android app to bypass certificate pinning by modifying the app, and installed the mitm certificate as both a system and a user certificate on Android.

After running mitmproxy and mitmdump, I got the error below.

I have tried every possible way to solve the issue, but I am facing this error in only one app.

    Certificate verification error for www.kjljjlk.com.mx:
                              ("hostname 'www.hjkhjk.com.mx' doesn't match either
                              of 'a248.e.jhkhkdsfsf.net', '*.dsfsfds-sdfsdfdsf.net',
                              '*.sdffdsfsdf.net', '*.dsfsdfdsf-sdfsfsf.net',
                              '*.dfsfsdsdf.net'",)
     << Cannot establish TLS with client (sni: xyxyxyxy.com): TlsException("SSL handshake error: Error([('SSL routines', 'tls_process_client_hello', 'parse tlsext')])")

I also tried running it with Burp Suite, but I get an unknown_ca error.

After all that, I tried to open the site in Firefox, and I get a warning about a potential risk:

> xyxyxyx.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

So I clicked on accept the risk and continue, and then it opened.

But somehow the Android app is not accessing the site.

Any help, please.

Thank you

======

> Mitmproxy: 5.0.0 binary
>
> Python: 3.7.5
>
> OpenSSL: OpenSSL 1.1.0j 20 Nov 2018
>
> Platform: Linux-5.3.0-7625-generic-x86_64-with-debian-buster-sid

Upvotes: 2

Views: 7035

Answers (2)

Alex

Reputation: 150

@MaximilianHils

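    import sys

    from mitmproxy import options
    from mitmproxy import proxy
    from mitmproxy.tools import dump

    # Myaddon is your own addon class; define or import it before this point.
    myaddon = Myaddon()
    prot = sys.argv[1]  # listen port, taken from the first command-line argument
    # ssl_insecure=True: do not verify upstream server certificates.
    # http2=False: disable HTTP/2 support.
    opts = options.Options(listen_port=int(prot), ssl_insecure=True, http2=False)
    pconf = proxy.config.ProxyConfig(opts)
    m = dump.DumpMaster(opts)
    m.server = proxy.server.ProxyServer(pconf)
    m.addons.add(myaddon)
    m.run()  # start the proxy event loop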

Upvotes: -1

Maximilian Hils

Reputation: 6770

As a general rule, you can disable certificate checking with the ssl_insecure option.

What TLS versions are supported by the server? It might be that the server is TLS 1.3 only, which mitmproxy doesn't support at the moment (https://github.com/mitmproxy/mitmproxy/pull/3692).

Upvotes: 4
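
To answer the question raised above about which TLS versions the server supports, this added example (not part of the original answer or of mitmproxy) attempts one handshake per version using Python's standard ssl module. The names probe and interpret and the verdict labels are assumptions of this example; certificate verification is switched off because only version negotiation is being checked.

```python
import socket
import ssl
import sys

# Only the two versions needed to tell "TLS 1.3 only" apart from "TLS 1.2 works".
VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def probe(host, port=443, timeout=5.0):
    """Try one handshake per TLS version.

    Returns {name: True | False | None}; None means the TCP connect failed.
    """
    results = {}
    for name, version in VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Trust is not evaluated here, only which versions negotiate.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = version
        ctx.maximum_version = version
        try:
            raw = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            results[name] = None
            continue
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                results[name] = True
        except OSError:  # ssl.SSLError is a subclass of OSError
            results[name] = False
        finally:
            raw.close()
    return results


def interpret(results):
    """Map probe results to a short verdict (labels are this example's own)."""
    if None in results.values():
        return "unreachable"
    if results["TLSv1.3"] and not results["TLSv1.2"]:
        return "tls1.3-only"
    if results["TLSv1.2"]:
        return "tls1.2-available"
    return "no-tls1.2-or-1.3"


if __name__ == "__main__":
    outcome = probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443)
    print(outcome, "->", interpret(outcome))
```

Run it with the upstream host name (and optionally a port) as arguments. A tls1.3-only verdict corresponds to the case the answer suspects.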
