Add fiddler certificate to Squid proxy - https

I want to add the Fiddler certificate to decode HTTPS traffic on my Android mobile, but I don't want to use a PIN lockscreen. Is it possible to add the Fiddler certificate to a Squid proxy?
My scheme is
Android device -> Squid Proxy -> Fiddler

If your Squid proxy runs on a Linux box, Linux certificates will be of type .pem.
The Fiddler root certificate will be in Windows native form, I guess.
For decryption you can generate an intermediate Linux certificate, and using that certificate you can tell Squid to bump all HTTPS traffic hitting the proxy.
But you need to install the corresponding root certificate on all devices that connect to that proxy, or else you will get a security warning about a man-in-the-middle attack.
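
The certificate layout the answer describes, as an added example that is not part of the original answer: a root CA whose certificate goes on the devices, and an intermediate CA (limited with `pathlen:0`) whose key is the only one the proxy holds. The function names, file names and subjects are constructed for illustration, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: root CA + intermediate signing CA for a bumping proxy.
# All names below are hypothetical; nothing here comes from Squid or Fiddler.
set -eu

make_bump_chain() {   # $1 = working directory
    d="$1"; mkdir -p "$d"
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_bump]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Root: root.pem is installed on the devices; root.key stays off the proxy.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$d/ca.cnf" -extensions v3_root -subj "/CN=Lab Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Intermediate: short-lived, and cannot issue further CAs (pathlen:0).
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=Lab Squid Bump CA" \
        -keyout "$d/bump.key" -out "$d/bump.csr" 2>/dev/null
    openssl x509 -req -in "$d/bump.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -sha256 -days 90 -extfile "$d/ca.cnf" \
        -extensions v3_bump -out "$d/bump.pem" 2>/dev/null
    # Certificate plus key in one PEM file for the proxy, readable by owner only.
    cat "$d/bump.pem" "$d/bump.key" > "$d/squid-bump.pem"
    chmod 600 "$d/root.key" "$d/bump.key" "$d/squid-bump.pem"
}

chain_ok() {   # $1 = root certificate, $2 = certificate to check; 0 if it chains
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory.
work=$(mktemp -d)
make_bump_chain "$work"
chain_ok "$work/root.pem" "$work/bump.pem" && echo "chain verifies in $work"
```

`squid-bump.pem` is the file the certificate option of Squid's `http_port ... ssl-bump` line would point at; only `root.pem` is distributed to devices.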

Related

Connections to sites fail after enabling manual proxy

I have a new laptop. I am connected from my home wifi network via VPN to my company network. In the old one when I enable manual proxy (needed for some scan app to record internet traffic) there are no issues. In the new one once I change to manual proxy, access to all internet and intranet sites fails due to non-trusted certificates (no issue when not using manual proxy). The failures are the same in all browsers. Both laptops have Windows 10.
"security certificate is not trusted by your computer's operating system"
Your PC doesn’t trust this website’s security certificate.
The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_CN_INVALID
Any idea?

External IP + SSL

How can I use the external IP of my CentOS 7 instance with HTTPS, for example https://external_ip, to open an application like https://external_ip:Port/my_application?
Generate a self-signed certificate using openssl.
Check this out here:
https://stackoverflow.com/a/10176685/9662626
Open an HTTPS port on your web server. Set the certificate in the config (I can't be specific here because I don't know about your operating system and your choice of web server). Finally, set up a reverse proxy to proxy the web server port to your app port.
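
For a URL of the form https://external_ip, clients match the address against the certificate's subjectAltName IP entry, so the self-signed certificate has to carry one. The following is an added example, not part of the original answer; `203.0.113.10` is a constructed documentation address and the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: self-signed server certificate valid for a bare IP address.
set -eu

make_ip_cert() {   # $1 = output directory, $2 = IP address used in the URL
    mkdir -p "$1"
    cat > "$1/ip.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $2
[v3]
subjectAltName = IP:$2
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 90 \
        -config "$1/ip.cnf" -keyout "$1/server.key" -out "$1/server.pem" \
        2>/dev/null
    chmod 600 "$1/server.key"   # the web server needs it, nobody else does
}

cert_matches_ip() {   # $1 = certificate, $2 = IP; 0 only if the SAN covers it
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 | grep -q "does match"
}

# Demo in a throwaway directory.
out=$(mktemp -d)
make_ip_cert "$out" 203.0.113.10
cert_matches_ip "$out/server.pem" 203.0.113.10 && echo "SAN covers 203.0.113.10"
```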

Some processes/sites with SSL failing to connect when using Charles Proxy

I have set up Charles on macOS 10.14.4 to allow proxying of all HTTP(S) traffic:
Installed the Charles root certificate in System keychain and enabled trust for all options
Configured macOS to use Charles as HTTP and HTTPS proxy
Enabled SSL proxying with a wildcard for the location (*.*)
Browsing to most sites (either HTTP or HTTPS) works fine and traffic is captured by Charles. However, some sites (as well as OS network traffic) fail with the error Client SSL handshake failed - Remote host closed connection during handshake.
I don't really know what's causing this. Is it because the process/site detects the Charles MITM certificate (and is expecting a different one)? Is there any way around this?

System Proxy Settings Being Ignored by Apps

I want an app I am testing to use Win (10) OS system proxy settings. I'm watching packets on the proxy and see HTTPS browsing traffic on Chrome (I've installed a self-signed cert on Win).
I can also see a few other OS requests coming through the proxy server. For some reason though, some apps don't pay attention to the system proxy settings.
Is there any way to force all connections through the proxy server? The app I'm testing uses Qt - QWebView. I found a reference here that you need to change the source to use a proxy. This won't work for me as I only have access to the production binary for this test.
How can I force an OS proxy connection, or otherwise route that traffic through my proxy?
Note my OS is in a virtual machine.
Edit: I'm wondering if editing the hosts file could route the traffic for a particular URL to my Proxy? I'm trying Acrylic but I'm not having any luck.

Using SSL Cert for ngrok dev environment

I am working to set up my application to watch calendar events through Google's Calendar API. In doing so I must set up a "Push" endpoint on my server that has a valid SSL certificate (not self-signed).
My production environment is running on Heroku, so setting up an SSL cert was easy using Expedited SSL. I have two CNAMEs set up in GoDaddy, one for my production application and one for my development environment tunneled through ngrok. I'm using the paid ngrok feature of white-labeled domain tunneling (dev.mydomain.com).
Host    Points To
www     saga-1234.herokussl.com
dev     ngrok.com
The problem is that my SSL certificate is recognized when you hit the production application (www.mydomain.com), but it uses ngrok's certificate when you visit the development application (dev.mydomain.com).
How can I set up my ngrok tunnel to use my SSL certificate?
Ngrok's white-labeled domain does not support HTTPS if you are using your own domain, simply because it serves its own certificate, where you need to serve your domain's. That's why you are getting a certificate mismatch issue.
Here's what you could do to watch calendar events on your dev machine:
Point ngrok.mydomain.com to another server, let's say a new EC2 micro instance
Point wildcard CNAME to ngrok.mydomain.com
Compile ngrok server and client to use your certificate (rather than ngrok.com)
Run the ngroku-server on EC2 instance
On your dev machine config the client to use ngrok.mydomain.com instead of ngroku.com
Run ngrok -subdomain=dev 80
Your local dev machine's 80 port should be accessible via https://dev.mydomain.com
This is really cool and is very helpful when debugging Google's webhooks, which require valid HTTPS and a verified root domain name.
Another interesting trick is to use CloudFlare's universal SSL to have a valid https://dev-machine.mydomain.com pointing to your dev machine without purchasing a certificate. The steps are exactly the same except that you need to issue your own certificate for ngrok client-server communications and use CloudFlare's Flex SSL for dev-machine.yourdomain.com.
ngrok has a new feature that tunnels and terminates SSL. Thus you can use your own domain and HTTPS. No need to open ports in your router or PC. They call it TLS Tunneling. The following is a link to a GitHub repo that describes how to do it.
How to use your own domain to access your home PC over the internet. Use HTTPS without raising SSL errors.
