
Problem Description

Trying to capture the traffic from an Android device using reverse tethering and then proxying the traffic to mitmproxy, we've installed the MITM certificate on the device. Browser traffic works fine, but application traffic gives SSL certificate errors. I tried the --ssl-insecure flag as well, but it didn't work.

Steps to reproduce the behaviour:

  1. Run mitmproxy.
  2. Forward the traffic to the proxy using reverse tethering and proxychains.
  3. Install the MITM certificate on the device.
  4. Browser traffic works fine (both HTTP & HTTPS), but application traffic does not work and gives certificate errors.
  5. Used a tls_passthrough path as well. Half of the apps' traffic works, but apps like Amazon still don't work due to SSL pinning.

How to bypass SSL certificate verification?

System Information

Checked with versions 6 & 7, both on Ubuntu & Android.

Sawan Garg

  • How did you install the mitmproxy root CA certificate on the Android device? The correct way is documented here: https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/ But it works only for apps that don't use certificate pinning. See also this SO question: https://stackoverflow.com/q/57568571/150978 – Robert Oct 29 '21 at 08:47
  • Thanks for the quick response. We're installing the certificate using the Settings app's security & credentials section. With this, it's working for browser HTTPS requests and a few apps as well, where certificate pinning is not implemented. The 1st link is related to emulators, I think. And for the 2nd link the device needs to be rooted, which will eliminate the security of all the apps. – Sawan Garg Oct 29 '21 at 08:56
  • As mentioned in the second link, installing a root CA certificate via Settings is useless for most apps, as they don't trust those certificates on modern Android devices. The first link is essential for every modern Android device; it is just written for the Android emulator, as this is a common use case for mitmproxy users. And the second link shows you how to manipulate an app so that it trusts a user-installed root CA certificate. These are your options, whether you like it or not. – Robert Oct 29 '21 at 09:02

2 Answers


--ssl-insecure controls whether mitmproxy validates the certificate it receives from the upstream server. This does not affect how the client checks the certificate generated by mitmproxy.

If the client does not trust mitmproxy, you need to fix that on the client. Robert has provided some pointers in the comments for Android specifically.

Maximilian Hils

I found that changing the options to disable HTTP/2 worked for me:

Enable/disable HTTP/2 support. HTTP/2 support is enabled by default.