10.42.0.100:35453: TLS verification failed for upstream server at depth 0 with error: Invalid Hostname
10.42.0.100:35453: Ignoring server verification error, continuing with connection
10.42.0.63:47784: TLS verification failed for upstream server at depth 2 with error: 20
10.42.0.63:47784: Ignoring server verification error, continuing with connection
also in Iphone sometime it show facebook application traffic but most of time it fail to show
10.42.0.45:50438: Client Handshake failed. The client may not trust the proxy's certificate for graph.facebook.com.
it always shown this msg only 2-3 time it works for facebook app but i dont know how and why
if you need more inputs from me to dugout this issue i will love to help
You're showing two different issues here.
10.42.0.100:35453: TLS verification failed for upstream server at depth 0 with error: Invalid Hostname
10.42.0.100:35453: Ignoring server verification error, continuing with connection
This indicates that mitmproxy cannot validate the server's certificate (i.e. it is not trusted by the Mozilla CA Store). This could indicate a MITM attack or someone using self-signed certificates. As the error message explains, we ignore this problem unless --verify-upstream-cert is passed.
10.42.0.45:50438: Client Handshake failed. The client may not trust the proxy's certificate for graph.facebook.com.
This indicates that the client refuses to accept mitmproxy's spoofed certificate. If that happens even after you have installed the mitmproxy CA cert on the phone, you're facing certificate pinning.
Most helpful comment
You're showing two different issues here.
This indicates that mitmproxy cannot validate the server's certificate (i.e. it is not trusted by the Mozilla CA Store). This could indicate a MITM attack or someone using self-signed certificates. As the error message explains, we ignore this problem unless
--verify-upstream-certis passed.This indicates that the client refuses to accept mitmproxy's spoofed certificate. If that happens even after you have installed the mitmproxy CA cert on the phone, you're facing certificate pinning.