I am getting "< unknown > " requests that I can't read in the Charles proxy, when I enable SSL, they don't load at all.
I think my issue is that I dont have the certificate installed, when I go through Charles > SSL Proxying > Install Charles Root Certificate or through chls.pro/ssl. It will open Keychain Access but won't prompt for any install and I don't see it coming up on my list of keychains - see below
charles screenshot
keychain access screenshot
Related
I have changed to manual proxy, 127.0.0.1 on port 8080. That got me through to the certificates at http://mitm.it/ which I have downloaded and installed. But now firefox (latest version 89.0) is rejecting every web page because of mitmproxy. Under the advanced tab of the error page is this explanation:
Firefox uses the Mozilla CA store to verify that a connection is secure, rather than certificates supplied by the user’s operating system. So, if an antivirus program or a network is intercepting a connection with a security certificate issued by a CA that is not in the Mozilla CA store, the connection is considered unsafe.
Is there a workaround for this?
Trying to investigate private APIs on apps installed on my Android, I've noticed most modern apps use custom client certificate meaning with the trusted root certificate installed on the Android, Charles still cannot monitor the traffic because the server would reject the handshake from Charles. I imagine either I will need a different tool for the traffic monitoring or I will need to direct Charles to use some custom certificate file embedded in the app itself.
You need that certificate file at hand (I don't know if and how you can extract it from application).
You also need to know the passphrase (password) for that certificate. Charles will ask it when you connect to selected host for 1st time.
Then just use latest Charles (tested on version 4.2.1) menu Proxy -> SSL Proxying Settings, tab Client Certificates and add certificate (PKCS#12 key file) for selected host and port.
I am trying to sniff traffic from some of my apps on the iphone.
I have charles installed. and i have installed the certificate on the iphone as instructed in charles (and i enabled the certificate on the iphone) + changes proxy to direct trafik from iphone to my computer through charles.
Everything works, i am getting trafik from the phone inside charles.
My problem is, all https called are failing for me. if i enable SSL proxy on a certain domain (let's take *.facebook.com for example) all requests give me a Failure SSL: Unrecognized SSL message, plaintext connection?.
It does not matter which app or which connection i try, i get the same error..
can anyone help me
Starting from iOS 10.3 SSL trust for the certificate has to be turned on manually for the manually installed certificate profiles in iOS so go to Settings > General > About > Certificate Trust Settings. Under Enable full trust for root certificates turn on trust for the certificate.]]
Here is the link to apple documentation
I configured my web server to use HTTPS instead of HTTP. I used openssl to generate an X509 certificate and private key. When I connect using FireFox it warns me of an "Untrusted Connection" and allows me to add an exception to continue. When I connect using my iPhone's Safari web browser it does the same thing. I hit accept to the security prompt and it works fine.
I add the web page to my home screen so that I can run it as a web-app. When I open the web-app I see the following prompt:
Cannot Open MyWebApp MyWebApp could not be opened. The error was: "The certificate for this server is invalid. You might be connecting to a server that is pretending to be mydomainnamehere.com" which could put your confidential information at risk.:". CLOSE or RETRY
If I hit close the web-app closes. If I hit retry I see the prompt again. There is no option to trust the site and continue. How can I get this to work? I'd like to use HTTPS to encrypt the sensitive data. It is a private site I use to access files remotely. It is not intended for public use.
There are two solution. 1) use a trusted certificate and 2) is to add the untrusted certificate to your iPad. This way your iPad will consider it as trusted.
Download the certificate (with Chrome for example), put the cert as an attachment on an email. Open this email on your iPad and click the attachment/cert and install it. Thats it!
I have a few sites that have SSL Certificates installed. When an SSL request is made with my employer's iPhone, this error message is displayed:
Accept Website Certificate
The certificate for this website is invalid. Tap Accept to connect to this website anyway.
I've pulled up the same pages in other browsers, including Safari, and they do not show any issues with the certs.
These two URLs exhibit the problem:
https://www.powerlunchbunch.com/index.php?template=join&nav=20
https://www.councilonagingmartin.org/index.php?template=donate&nav=257
Additional Information:
Both SSL certs are issued by Network Solutions
The sites are hosted on Rackspace Cloud Sites
Update:
I now have an open ticket with Rackspace for this issue. I browsed the same sites in Firefox 4.0 Beta 7, and got this warning page, telling me that "The certificate is not trusted because no issuer chain was provided.":
I think it's because you (or your hosting company) haven't configured the full certificate chain on your web server.
Take a look at a report from an ssl checker, such as this:
http://www.sslshopper.com/ssl-checker.html#hostname=www.councilonagingmartin.org
...
I can see from this report that you're using Apache2.2. Configuring 'intermediate certificates' on Apache2 goes something like this:
SSLCertificateFile /etc/ssl/crt/yourDOMAINNAME.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/chainCert.xxx
I don't know if you configured the certificate yourself, or your hosting company configured it, so you'll either need to contact your hosting company, or the certificate provider, who can provide the intermediate certificate(s).
Hope That Helps
Unfortunately, the Root CA for both those certificates, Network Solutions, L.L.C. is not a trusted certificate authority on the iPhone.
If you look at the certificate chain, it does end up at AddTrust, which is a trusted CA on the iPhone.
So you likely have one of the following problems:
1) Your certificate is not installed correctly on the web server
2) You need to work with Network Solutions (the SSL cert issuer) to get a cert that properly chains to AddTrust.