I have set up Charles on macOS 10.14.4 to allow proxying of all HTTP(S) traffic:
Installed the Charles root certificate in System keychain and enabled trust for all options
Configured macOS to use Charles as HTTP and HTTPS proxy
Enabled SSL proxying with a wildcard for the location (*.*)
Browsing to most sites (either HTTP or HTTPS) works fine and traffic is captured by Charles. However, some sites (as well as OS network traffic) fail with the error "Client SSL handshake failed - Remote host closed connection during handshake".
I don't really know what's causing this. Is it because the process/site detects the Charles MITM certificate (and is expecting a different one)? Is there any way around this?
Related
I have a VPN (BIG-IP Edge) connection on which I wanted to test some websites using Charles Web Debugging Proxy, but Charles doesn't seem to detect my VPN connection because it doesn't detect the websites that I'm running on the VPN network.
Things I have tried so far:
Running Charles before establishing the VPN connection as mentioned here: https://www.charlesproxy.com/documentation/faqs/vpn-not-working-with-charles/
Enabling/Disabling “Proxy>macOS Proxy”
Disabling “Auto Proxy Config” in system preferences as mentioned here
Restarted system/Charles and Simulator, always Simulator after Charles.
Note: VPN does not even connect if I enable “Proxy>macOS Proxy” in Charles
Following situation:
Intercepting web traffic with Charles Proxy works fine if I set the browser's HTTP/HTTPS proxy to the port Charles is configured for (127.0.0.1:8888)
Surfing anonymously over Tor also works fine if I set the browser's SOCKS proxy to the one which Tor is configured for (127.0.0.1:9150)
Now I want to chain both proxies in such a way that I can intercept the web traffic of my browser with Charles while being anonymous over the Tor network. So I set my browser's HTTP/HTTPS proxy to Charles, and in Charles I set up the "External Proxies" to Tor.
But somehow this doesn't work. Do I have some misconceptions? Thanks for the help!
TL;DR:
Open a command line (C:\Windows\System32\cmd.exe) and type this command in the console window:
"C:\TorBrowserBundle\Browser\TorBrowser\Tor\tor.exe" --HTTPTunnelPort 8118
Adjust the path according to where your Tor Browser Bundle is located.
In Charles go to menu Proxy→External Proxy Settings
Select Use external proxy servers checkbox at the top
Clear Web Proxy (HTTP) and SOCKS Proxy checkboxes on the left side
Select Secure Web Proxy (HTTPS) on the left side
On the right side under Secure Web Proxy Server enter 127.0.0.1 and 8118
At the bottom select Always bypass external proxies for localhost checkbox
Click OK to save changes
Try opening https://google.com/ in the web browser configured to use Charles (preferably in an Incognito window, to make sure that your Google account settings do not interfere with Google's language detection by geo-location). You should see a localized Google page in some random language.
Explanations
Tor provides a SOCKS proxy out of the box. By default Tor uses port 9050. You mentioned port 9150. This is the default port used by Tor Browser Bundle, so I assume you use Tor Browser Bundle. But specifying SOCKS Proxy settings in External Proxy Settings in Charles won't allow you to open websites via https:// links. If you take a look at the Charles documentation, you might notice that only non-HTTPS traffic is being sent via the SOCKS proxy. Quote (emphasis mine):
If you have a SOCKS proxy Charles will use it for all non-HTTP(S) traffic such as for Port Forwarding.
So in order to chain Charles via Tor, you must use a non-SOCKS proxy.
By the way, I was unable to open http:// links via Charles when I specified Tor as the SOCKS proxy and disabled Secure Web Proxy (HTTPS). No idea why.
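A way to confirm that the port entered under Secure Web Proxy (HTTPS) really answers HTTP CONNECT, the tunnelling request an HTTP proxy receives for https:// traffic and the protocol Tor's HTTPTunnelPort speaks. This is an added example, not part of the original answer; `probe_connect` and `start_stub` are hypothetical helper names, and the stub is a constructed stand-in for an upstream port so the check runs offline.

```python
import socket
import threading

def probe_connect(proxy_host, proxy_port, target="example.com:443", timeout=5.0):
    """Send an HTTP CONNECT to an upstream proxy port and return the status code.

    200 means the port accepted the tunnel request. Any other code means it
    refused, and None means the reply was not an HTTP status line at all.
    """
    request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as sock:
        sock.sendall(request)
        reply = b""
        try:
            while b"\r\n" not in reply and len(reply) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                reply += chunk
        except socket.timeout:
            pass
    parts = reply.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def start_stub(reply_bytes):
    """Constructed stand-in for an upstream port: answers one client, then closes."""
    server = socket.socket()
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    def serve():
        conn, _ = server.accept()
        with conn:
            conn.recv(1024)          # read the CONNECT request
            conn.sendall(reply_bytes)
        server.close()
    threading.Thread(target=serve, daemon=True).start()
    return server.getsockname()[1]

if __name__ == "__main__":
    # Offline demonstration against the stub. For a live check, call
    # probe_connect("127.0.0.1", 8118), the HTTPTunnelPort from the answer.
    port = start_stub(b"HTTP/1.1 200 Connection established\r\n\r\n")
    print("status:", probe_connect("127.0.0.1", port))
```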
As the title says, I couldn't get mitmproxy to log SSL traffic of Windows apps.
I tested an app working with SSL on both Android and Windows + Windows Mobile.
Even in Fiddler, I exempted the app but it couldn't track the requests either.
As I was searching, I saw someone using a program (I couldn't find it) to track the requests from a process called WinUAPEntry.exe that's used by universal apps for requests.
Any solutions?
I have installed mitmproxy's SSL certificate
I have set the Wi-Fi proxy to the IP of the device where mitmproxy is running
I have forwarded ports 80 and 443 in iptables as mentioned in the mitmproxy tutorials
You should be able to get this running with https://loopback.codeplex.com/. This is the same as Fiddler's EnableLoopback Utility though, so if that didn't work YMMV.
After searching for a month, I found out that Windows apps bypass proxy settings (tested on both desktop and mobile). I came up with solutions like MAC/IP binding and setting the NIC IP of the host as a gateway, but none worked.
I want an app I am testing to use Win (10) OS system proxy settings. I'm watching packets on the proxy and see HTTPS browsing traffic on Chrome (I've installed a self-signed cert on Win).
I can also see a few other OS requests coming through the proxy server. For some reason though, some apps don't pay attention to the system proxy settings.
Is there any way to force all connections through the proxy server? The app I'm testing uses Qt - QWebView. I found a reference here that you need to change the source to use a proxy. This won't work for me as I only have access to the production binary for this test.
How can I force an OS proxy connection, or otherwise route that traffic through my proxy?
Note my OS is in a virtual machine.
Edit: I'm wondering if editing the hosts file could route the traffic for a particular URL to my Proxy? I'm trying Acrylic but I'm not having any luck.
I want to add the Fiddler certificate to decode HTTPS traffic on my Android mobile, but I don't want to use a PIN lock screen. Is it possible to add the Fiddler certificate to a Squid proxy?
My scheme is
Android device -> Squid Proxy -> Fiddler
If your Squid proxy runs on a Linux box, Linux certificates will be of type .pem.
The Fiddler root certificate will be in Windows native form, I guess.
For decryption you can generate an intermediate Linux certificate, and using that certificate you can tell Squid to bump all HTTPS traffic hitting the proxy.
But you need to install the corresponding root certificate on all devices that connect to that proxy, or else you will get a security warning about a man-in-the-middle attack.