Mitmproxy: error while running mmitmproxy

Created on 21 Dec 2015  路  1Comment  路  Source: mitmproxy/mitmproxy

10.42.0.100:35453: TLS verification failed for upstream server at depth 0 with error: Invalid Hostname
10.42.0.100:35453: Ignoring server verification error, continuing with connection

10.42.0.63:47784: TLS verification failed for upstream server at depth 2 with error: 20
10.42.0.63:47784: Ignoring server verification error, continuing with connection

also in Iphone sometime it show facebook application traffic but most of time it fail to show
10.42.0.45:50438: Client Handshake failed. The client may not trust the proxy's certificate for graph.facebook.com.
it always shown this msg only 2-3 time it works for facebook app but i dont know how and why
if you need more inputs from me to dugout this issue i will love to help

kinquestion

Most helpful comment

You're showing two different issues here.

10.42.0.100:35453: TLS verification failed for upstream server at depth 0 with error: Invalid Hostname
10.42.0.100:35453: Ignoring server verification error, continuing with connection

This indicates that mitmproxy cannot validate the server's certificate (i.e. it is not trusted by the Mozilla CA Store). This could indicate a MITM attack or someone using self-signed certificates. As the error message explains, we ignore this problem unless --verify-upstream-cert is passed.

10.42.0.45:50438: Client Handshake failed. The client may not trust the proxy's certificate for graph.facebook.com.

This indicates that the client refuses to accept mitmproxy's spoofed certificate. If that happens even after you have installed the mitmproxy CA cert on the phone, you're facing certificate pinning.

>All comments

You're showing two different issues here.

10.42.0.100:35453: TLS verification failed for upstream server at depth 0 with error: Invalid Hostname
10.42.0.100:35453: Ignoring server verification error, continuing with connection

This indicates that mitmproxy cannot validate the server's certificate (i.e. it is not trusted by the Mozilla CA Store). This could indicate a MITM attack or someone using self-signed certificates. As the error message explains, we ignore this problem unless --verify-upstream-cert is passed.

10.42.0.45:50438: Client Handshake failed. The client may not trust the proxy's certificate for graph.facebook.com.

This indicates that the client refuses to accept mitmproxy's spoofed certificate. If that happens even after you have installed the mitmproxy CA cert on the phone, you're facing certificate pinning.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

nesttle picture nesttle  路  4Comments

fjcaetano picture fjcaetano  路  4Comments

mancubus77 picture mancubus77  路  3Comments

rtoma picture rtoma  路  4Comments

mswilson4040 picture mswilson4040  路  4Comments