
I have configured an Android app to bypass certificate pinning using some modifications to the app, and installed the mitm certificate as both a system and a user certificate on Android.

After running mitmproxy and mitmdump I got the error below.

I tried every possible way to solve the issue, but I am facing this error in only one app.

    Certificate verification error for www.kjljjlk.com.mx:
        ("hostname 'www.hjkhjk.com.mx' doesn't match either
        of 'a248.e.jhkhkdsfsf.net', '*.dsfsfds-sdfsdfdsf.net',
        '*.sdffdsfsdf.net', '*.dsfsdfdsf-sdfsfsf.net',
        '*.dfsfsdsdf.net'",)
    << Cannot establish TLS with client (sni: xyxyxyxy.com): TlsException("SSL handshake error: Error([('SSL routines', 'tls_process_client_hello', 'parse tlsext')])")

I also tried running it with Burp Suite, but I get an unknown_ca error.

After all that, I tried to open the site in Firefox, and I get a warning of potential risk:

xyxyxyx.com uses an invalid security certificate. The certificate is
not trusted because it is self-signed. Error code:
MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

So I clicked on accept the risk and continue, and then it opened.

But somehow the Android app is not accessing the site.

Any help, please?

Thank you

======

> Mitmproxy: 5.0.0 binary
> Python:    3.7.5
> OpenSSL:   OpenSSL 1.1.0j  20 Nov 2018
> Platform:  Linux-5.3.0-7625-generic-x86_64-with-debian-buster-sid

2 Answers


  1. As a general rule, you can disable certificate checking with the ssl_insecure option.

    What TLS versions are supported by the server? It might be that the server is TLS 1.3 only, which mitmproxy doesn’t support at the moment (https://github.com/mitmproxy/mitmproxy/pull/3692).

  2. @MaximilianHils

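        import sys

        from mitmproxy import options
        from mitmproxy import proxy
        from mitmproxy.tools import dump


        class Myaddon:
            """Placeholder for the poster's addon class, which is not shown."""


        myaddon = Myaddon()
        prot = sys.argv[1]  # listen port, passed as the first argument
        # ssl_insecure=True turns off verification of the upstream server's certificate
        opts = options.Options(listen_port=int(prot), ssl_insecure=True, http2=False)
        pconf = proxy.config.ProxyConfig(opts)
        m = dump.DumpMaster(opts)
        m.server = proxy.server.ProxyServer(pconf)
        m.addons.add(myaddon)
        m.run()  # start the proxy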
    
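The two messages in the question come from different TLS legs of the interception. The following added example (not code from this thread or from mitmproxy) triages log lines in that format and re-checks the hostname against the certificate names; the sample lines and host names are constructed, and `triage` and `name_matches` are hypothetical helper names.

```python
import re

# Constructed sample lines modelled on the two mitmproxy messages in the question
# (host names are placeholders; each message is joined onto one line).
SAMPLE_LOG = [
    "Certificate verification error for www.shop.example: "
    "(\"hostname 'www.shop.example' doesn't match either of "
    "'a248.e.cdn.example', '*.cdn.example', '*.static-cdn.example'\",)",
    " << Cannot establish TLS with client (sni: api.shop.example): "
    "TlsException(\"SSL handshake error: Error([('SSL routines', "
    "'tls_process_client_hello', 'parse tlsext')])\")",
    "GET https://www.shop.example/ 200 OK",
]

UPSTREAM = re.compile(r"hostname '([^']+)' doesn't match (?:either of )?(.+)")
CLIENT = re.compile(r"Cannot establish TLS with client \(sni: ([^)]+)\)")


def name_matches(host, pattern):
    """Certificate name match: '*' is valid only as the whole left-most label
    and stands for exactly one label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    return h[1:] == p[1:] and p[0] in ("*", h[0])


def triage(line):
    """Return which TLS leg a log line complains about, or None."""
    m = UPSTREAM.search(line)
    if m:
        host = m.group(1)
        names = re.findall(r"'([^']+)'", m.group(2))
        return {"leg": "proxy->server", "host": host, "cert_names": names,
                "covered": any(name_matches(host, n) for n in names)}
    m = CLIENT.search(line)
    if m:
        return {"leg": "client->proxy", "sni": m.group(1)}
    return None


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry))
```

The `ssl_insecure` option used in the answers controls certificate verification on the proxy->server leg, which is where the hostname mismatch is reported.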