I have an app on my Android phone I try to debug, but whenever I enable PcapDroid to send the TLS decrypted requests and responses to my PC, it won't allow any internet access in the app. I get no error messages in mitmproxy.
The only output is:
info: 192.168.xx.xxx:33396: client disconnect
info: 192.168.xx.xxx:43544: server disconnect xxx.xxx.xxx.xxx:443
and once in a while this is seen in the logs:
warn: 192.168.xx.xxx:43544: Client TLS handshake failed. The client may not trust the proxy's certificate for api.example.com (OpenSSL Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert certificate unknown')]))
This is the only request that is reporting it's failed TLS handshake. I know this request is something unimportant, so I wonder why none of the other more important requests aren't reporting anything.
Other apps are sending data fine.
Why is this app not allowing any internet connection? I have patched it with apk-mitm, as I do with all my other apps, to allow for inspection.
Many apps enforce certificate pinning : they come with an internal list of certificates that they trust, and they do not trust any other certificates (including certificates from the phone's certificate store). In this case, it is usually not possible to MITM their traffic with mitmproxy, because the app will reject the MITM certificate.
You have a few options:
--ignore-hosts
or --allow-hosts
to selectively ignore the host that the app is attempting to connect to. In this case, mitmproxy
will directly pass through the connection without attempting to MITM it, and the connection will succeed. You can do this if you're not interested in those requests and just want the app to work.bks
files that you can just edit, some may have the stores packed inside a native library or Java class.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.