Possible duplicate of Charles Proxy SSL Certificate not working but I provide more details since those answers didn't help me.
I am on my MacBook (High Sierra 10.13.6) and I want to see what my web app is sending/receving over Chrome browser, Version 71.0.3578.98 (Official Build) (64-bit). I am using Charles V3.12.3 (old but I don't have license for the most recent one).
According to their doc for Mac OS:
In Charles go to the Help menu and choose "SSL Proxying > Install
Charles Root Certificate". Keychain Access will open. Find the
"Charles Proxy..." entry, and double-click to get info on it. Expand
the "Trust" section, and beside "When using this certificate" change
it from "Use System Defaults" to "Always Trust". Then close the
certificate info window, and you will be prompted for your
Administrator password to update the system trust settings.
It's trusted in my Keychain as you see here:
However, I still get a lot of <unknown> things! in Charles:
Any idea what I am missing?
I have restarted Chrome browser as well as Charles few times. I even restarted my system once however I am still getting same <unknown> responses.
I'm able to see my request/responses on Chrome DevTools without any problem.
My VPN is off. In fact I deleted the whole app (as several people complained about having it on).
Charles will (thankfully) not automatically perform man in the middle attacks on all your SSL connections.
You need to enable SSL proxying on a per domain basis. Either by context clicking the connection and choosing Enable SSL Proxying from the menu or in the SSL Proxying Settings window in the Tools menubar.
Try restart your browser.
I have the same issue, certificate is trust, but content still unknow.
After quit and restart Chrome browser. Everything works.
Related
I have installed mitmproxy (macOS Mojave) to monitor the complete traffic through a browser. However, the browser stops connecting to various webpages and give a warning
Did Not Connect: Potential Security Issue
I am not able to go ahead. How can I disable this block? How can I continue browsing as an exception?
Or is there a different tool to monitor network traffic that is easier to handle?
You need to make Firefox trust the root-CA certificate generated and used by Mitmproxy.
To do so open the Firefox preferences -> Privacy & Security
Then scroll down to the end of the page and click the Button "Show Certificates"
Select the Tab "Authorities" and klick on the Button "Import".
If the file selector dialog select the file ~/.mitmproxy/mitmproxy-ca-cert.cer.
When Firefox asks about for what purpose the certificate should be trusted select "for websites".
Once the certificate has been installed Firefox trusts Mitmproxy and you can browse the web through Mitmproxy. If some pages sill not work you have to clear the Firefox cache to remove the HTTP Strict Transport Security (HSTS) pinned certificates.
I can't open non secure sites (any direction with hhtp://) . Only works in https sites.
I Tried the following with no results except in safe mode.
-Diferent browsers (Safari, Chrome, Firefox).
-Deleting Preferences and system configuration.
-Reboot in safe mode (Thats Works!!).
-Checking the proxies configuration (i haven't proxies)
-Changing the DNS.
-Turning off/on wifi.
-Repair directory permissions.
-Flushing DNS Cache.
-Reseting Router.
Anyone that can help me?. I am little desperate.
Thks in advance
Finally i solved the problem and it was very very strange.
I found the following " com.erythropoieic.net - preferences.plist " file under the "Library / LaunchDaemons / " folder. This file called this script " change_net_settings.sh " changing the network Properties. I removed that files and thew problem was solved.
I faced the same with all browsers on my macbook pro. This is a malware issue. Please run anti- malware clean up using the malwarebytes.
This is a frequent problem when updating Microsoft OS or Internet Explorer. Seems the update flips the LAN Connection setting, so:
Start Internet Explorer
Click on Setting (upper right)
Click the Tools button
Click on Internet Options
Click on Connections tab
Click on LAN settings
UNCHECK Proxy Server for your LAN
Select OKAY
Validate you can now get to websites without having to manually enter https://
I had the same issue in FireFox (45.X ESR) from Linux. I could only browse to sites if I used https://. If I used http:// or www:// I got redirected to dnssearch.com (my ISP is Time Warner). It turn's my issue was with how Firefox was configured to connect to the Internet. To resolve this issue in Firefox, click the open menu icon and select Options (or Preferences in older versions) and then select Advanced. On the Advanced page, click the Network tab. On the Network page, click Settings (For how Firefox connects to the internet). Under Configure Proxies to Access the internet, there a several radio buttons. In my case, the Manual proxy configuration was checked. I changed this and check: No proxy. This resolved my issue. I could then access any site as normal.
I had Firefox 30.0 and I was able to access some intranet Apache servers using HTTPS just by bypassing the Untrusted Connection warning. After upgrading to Firefox 31.0, in some computers it's not possible to connect to some of our servers anymore. After typing the URL, all we see is a blank page and the "connecting..." message on the status bar.
This happened with some OSX and Windows 7 clients, but for some clients and some servers with the same code, it works fine. Other browsers are also fine.
Here's a solution that works for OSX and Windows 7 and doesn't require the Reset Firefox feature. Basically we want to Delete or Distrust the "problematic" certificates from the Authorities:
Go to Firefox Menu > Options
Go to Advanced tab >Certificates > View Certificates
Go to Authorities tab on the Certificate Manager dialog and look for the Certificate Name (in my case it is an IP number, grouped by the company that issued it)
Select all the "problematic" certificates (it might have more than one for the same site) and click on Delete or Distrust and confirm. Here is important to make sure no "problematic" certificate is left there.
Once you followed these steps, close the options dialogs and just access the site with untrusted certificates again and Add Exception to trust the self-signed certificate.
Please refer to these threads for more information:
Firefox 31.0 (OSX) Sites with untrusted certificate won't load
Security certificate no longer valid after upgrading to latest FF
As Apple introduce extension support in Safari 5, I want to make an extension that manage proxy settings directly in the browser (like AutoProxy for Firefox or Proxy Switchy for Chrome).
I skimmed the source code of Proxy Switchy. It is mainly written in Javascript/HTML, but uses an external binary bundle to do proxy switching. Is this scheme doable in Safari extension? If not, is there other way to manage proxy settings in the extension?
I am having exactly same question although it is almost 2016 already and I am using Safari 9.0.2. It seems that Apple does not provide such an API for defining browser-specific proxy in extensions as Google does for Chrome. So I guess one would have to deal with system-wide proxy settings, that is to find solutions for setting up app-specific proxy.
(this the the link, not advertising) http://www.techrepublic.com/forum/questions/101-226884
https://apple.stackexchange.com/questions/18370/why-isnt-my-auto-proxy-setting-working-for-safari-5-1-in-lion
(answer from techrepublic and apple.stackexchange it's not advertising)
I think they say you can
Actually the easiest way is to use Apple's concept of 'Location'. In the Apple Menu, choose Location > Network Preferences ...
Most likely your current location is set as 'Automatic'. Choose "Edit Locations ..." in the selection menu, and add additional Proxy Locations. For each Location you can setup different proxy settings, which you can switch directly from the apple menu. Just make sure you edit the correct Network Interface on which you want to apply the proxy settings (if you are connected through LAN, but you set the proxy only on Wifi - it wouldn't work).
The Proxy Settings are under the [Advanced ...] button [proxies] tab. Enable and modify the proxies as you need.
Make sure that your Safari browser - or any browser you will be using - is set to use the "System Proxy Settings" ... and not it's own override. Safari always links back to the System Network Settings.
After considering this - would we still need a plugin doing essentially the same?
Yes it is possible to set proxy setting in safari. Please follow below steps.
1.) Open Safari if it is not already open.
2.) Choose Safari > Preferences, and then click Advanced.
3.) Click Change Settings.
The Network pane of System Preferences opens.
Use the information you got from your network administrator to change the proxy settings.
Click OK.
We have configured IIS 6 to accept client certificates and have installed the certificate services on our server. When we go to http://[our site]/CertSrv and request a Web Browser Certificate (client certificate) from IE7/8 on Windows XP and Vista and Windows 7, then issue the cert on the server certificate authority manager, all combinations of the client/OS seem to install the client certificate properly in the personal certificate store.
When we visit our test application that requires client certificates, all IE versions installed in Windows XP propmt for the client certificate and then properly display the page. Uhfortunately, all IE versions installed on Vista and Windows 7 do not prompt for the cert, nor do they automatically send the cert. It's like IE on these operating systems is unaware of the client certificate and it doesn't prompt for it, nor does it send it to the site.
Since everything works as expected, at least on the XP configurations, we assume that IIS6 is correctly configured.
It's been 8 hours with two of us trying to figure this out and we're ready to throw a laptop through a window and "the google" has let us down.
Thanks for anyone who can help.
Mark
ok, we figured this out.
in the /CertSrv app we have to request a certificate from advanced mode - we don't change anything - just type the identifying info as we would in not-advanced mode. now it works. who knows why? at least we can get some sleep.
As you probably already know, certsrv is a webbased app that runs on your certificate server.
Here are the steps required:
Go to the certsrv directory - probably http://localhost/certsrv/
Click "Request a Certificate"
Click "advanced certificate request"
Click "Create and submite a request to this CA"
Fill out the form, etc..
From this point forward its the same as any other certificate.