TLS Interception Cert Generation #362
Summary: My steps:
Output
Running on Docker:
@abhinavsingh
@whitespots Thanks for a quick try. I suspect Since you are on MacOS, simply This flag is required on MacOS because installed Python no longer has access to root CA bundle installed on MacOS.
We run into socket issue because
Docker container doesn't have Let's use this current branch for verification:
Once after verification I can make a new release for
I really need this library and that's why I'm testing right now :)
Thank you. When you get time please lemme know about:
Cheers!!!
Dockerfile is updated with
But there is a problem with connections
@whitespots Thank you. I'll check back on Meanwhile, does it work without docker on MacOS for you?
..No :(
Output
Hmmm, this is weird. I gave it a try with Try to delete all older certificates under
It's empty actually..
…e generation error on Ubuntu
…h/proxy.py into interception-cert-generation
Update for Ubuntu
Gave it a try on Ubuntu
and TLS interception worked fine from command line. I didn't get a chance to set up a browser for it. Please give it a try and lemme know.
It's ok on the Ubuntu VM. Confirmed with FF also :)
UPD Really interesting error for you, @abhinavsingh:
PS. FF browser on Ubuntu says that connection is secured by example.com, but Mac OS does not. Even after reboot.
Codecov Report
@@ Coverage Diff @@
## develop #362 +/- ##
===========================================
+ Coverage 81.40% 81.55% +0.15%
===========================================
Files 72 72
Lines 2775 2798 +23
===========================================
+ Hits 2259 2282 +23
Misses 516 516
Yes, for
This error is interesting. Looks like an invalid request was made. Specifically, for a
That's interesting because I am getting success on
@Benouare @httpnotonly @ja8zyjits @roshanprince402 @tawmoto @whitespots Folks, looks like we have a way forward. So I'll go ahead and merge this PR. I have personally verified the changes on both A few things to resolve going forward:
@whitespots If this problem persists please open a new issue with some details. Would love to address this if it's a constant problem. Thank you.
@Benouare @httpnotonly @ja8zyjits @roshanprince402 @tawmoto @whitespots Folks PTAL at this branch and give it a try. Please report if TLS interception is still an issue.
proxy --ca-key-file ca-key.pem --ca-cert-file ca-cert.pem --ca-signing-key ca-signing-key.pem --ca-file venv373/lib/python3.7/site-packages/certifi/cacert.pem --plugins proxy.plugin.CacheResponsesPlugin
make ca-certificates
.--ca-file
flag on Ubuntu
.openssl.cnf
so this should also address Ubuntu use cases. But I haven't yet given it a try on Ubuntu. Please let me know.
Screenshot of TLS interception via Chrome on MacOS. As we can see, certificate was signed by custom CA (example.com).
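
The certificate chain behind the `--ca-key-file`, `--ca-cert-file` and `--ca-signing-key` flags above, as an added example that is not part of the original thread and not proxy.py's own code: it builds a custom CA, signs a per-host certificate with it, and checks the chain the way a client does against its trust store. The host name, lifetimes and the minimal `ca.cnf` (used so the result does not depend on the system `openssl.cnf`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not proxy.py's code. File names follow the flags on this page;
# host names, lifetimes and ca.cnf are constructed for illustration.
set -eu

# gen_ca DIR: CA key, self-signed CA cert (CN=example.com as in the screenshot)
# and the separate key reused by every per-host certificate.
gen_ca() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
    openssl genrsa -out "$1/ca-key.pem" 2048 2>/dev/null
    openssl req -x509 -new -config "$1/ca.cnf" -key "$1/ca-key.pem" -sha256 \
        -days 30 -subj "/CN=example.com" -out "$1/ca-cert.pem"
    openssl genrsa -out "$1/ca-signing-key.pem" 2048 2>/dev/null
}

# sign_host DIR HOST: issue DIR/HOST.pem for HOST, signed by the CA key.
sign_host() {
    printf 'subjectAltName = DNS:%s\n' "$2" > "$1/$2.ext"
    openssl req -new -config "$1/ca.cnf" -key "$1/ca-signing-key.pem" \
        -subj "/CN=$2" -out "$1/$2.csr"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca-cert.pem" -CAkey "$1/ca-key.pem" \
        -CAcreateserial -sha256 -days 7 -extfile "$1/$2.ext" \
        -out "$1/$2.pem" 2>/dev/null
}

# verify_host DIR HOST CAFILE: succeed only if the leaf chains to CAFILE,
# which is the check a client makes against its own trust store.
verify_host() {
    openssl verify -CAfile "$3" "$1/$2.pem" 2>/dev/null | grep -q ': OK$'
}

# Run as "sh script.sh demo" to exercise the three steps in a scratch directory.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    gen_ca "$d" && sign_host "$d" httpbin.org
    verify_host "$d" httpbin.org "$d/ca-cert.pem" && echo "leaf trusted via custom CA"
fi
```

A client whose trust store lacks this exact `ca-cert.pem` rejects the leaf, even if another CA carries the same subject name.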