I have configured an Android app to bypass certificate pinning by modifying the app, and installed the mitm certificate as both a system and a user certificate in Android.
After running mitmproxy and mitmdump I got the error below.
I tried every possible way to solve the issue, but I am facing this error in only one app.
Certificate verification error for www.kjljjlk.com.mx:
("hostname 'www.hjkhjk.com.mx' doesn't match either
of 'a248.e.jhkhkdsfsf.net', '*.dsfsfds-sdfsdfdsf.net',
'*.sdffdsfsdf.net', '*.dsfsdfdsf-sdfsfsf.net',
'*.dfsfsdsdf.net'",)
<< Cannot establish TLS with client (sni: xyxyxyxy.com): TlsException("SSL handshake error: Error([('SSL routines', 'tls_process_client_hello', 'parse tlsext')])")
I also tried running it with Burp Suite, but I get an unknown_ca error.
After all that, I tried to open the site in Firefox, and I get a warning of potential risk:
xyxyxyx.com uses an invalid security certificate. The certificate is
not trusted because it is self-signed. Error code:
MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
So I clicked on accept the risk and continue, and then it opened.
But somehow the Android app is not accessing the site.
Any help, please.
Thank you
======
> Mitmproxy: 5.0.0 binary
> Python: 3.7.5
> OpenSSL: OpenSSL 1.1.0j 20 Nov 2018
> Platform: Linux-5.3.0-7625-generic-x86_64-with-debian-buster-sid
2 Answers
As a general rule, you can disable certificate checking with the ssl_insecure option.
What TLS versions are supported by the server? It might be that the server is TLS 1.3 only, which mitmproxy doesn’t support at the moment (https://github.com/mitmproxy/mitmproxy/pull/3692).
@MaximilianHils
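
The `Certificate verification error` line quoted in the question is mitmproxy rejecting the certificate presented by the upstream server, which is the check the `ssl_insecure` option turns off. As an added example (not part of the original thread and not mitmproxy's own code), this Python script parses that error text and re-runs a simplified hostname match to show that none of the presented names cover the requested host; the function names are hypothetical.

```python
import re

# Error text copied from the question above (wrapped lines joined,
# hostnames exactly as the asker obfuscated them).
SAMPLE_ERROR = (
    "Certificate verification error for www.kjljjlk.com.mx: "
    "(\"hostname 'www.hjkhjk.com.mx' doesn't match either of "
    "'a248.e.jhkhkdsfsf.net', '*.dsfsfds-sdfsdfdsf.net', '*.sdffdsfsdf.net', "
    "'*.dsfsdfdsf-sdfsfsf.net', '*.dfsfsdsdf.net'\",)"
)

def parse_mismatch(error_text):
    """Return (hostname that was requested, names in the upstream certificate)."""
    m = re.search(r"hostname '([^']+)' doesn't match(?: either of)? (.*)",
                  error_text, re.S)
    if not m:
        raise ValueError("not a hostname-mismatch error")
    return m.group(1), re.findall(r"'([^']+)'", m.group(2))

def name_matches(hostname, pattern):
    """Simplified RFC 6125 rule (an assumption of this example): '*' is only
    honoured as the entire leftmost label and stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Refuse wildcards directly under a top-level label, e.g. "*.net".
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def explain(error_text):
    """Summarise which presented names, if any, cover the requested hostname."""
    hostname, presented = parse_mismatch(error_text)
    covering = [p for p in presented if name_matches(hostname, p)]
    return {"requested": hostname, "presented": presented, "covering": covering}

if __name__ == "__main__":
    for key, value in explain(SAMPLE_ERROR).items():
        print(f"{key}: {value}")
```

An empty `covering` list means the upstream server answered with a certificate issued for other names, so the proxy's verification fails before the client connection is involved.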