Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

javax.net.ssl.SSLHandshakeException: General SSLEngine problem #615

Open
lnallan opened this issue Mar 1, 2017 · 7 comments
Open

javax.net.ssl.SSLHandshakeException: General SSLEngine problem #615

lnallan opened this issue Mar 1, 2017 · 7 comments

Comments

@lnallan
Copy link

lnallan commented Mar 1, 2017

Hi Jekh, Some of the calls are getting 443 bad host exception. So, after i read the support, i used MITM along with Browsermob proxy server. Here is my code.

Now, I am getting this ssl handshake exception and the browser is not navigating to the url.

What am i missing here? Many thanks.

Code:

if (!(server != null)) {
server = new BrowserMobProxyServer();
}
// create a CA Root Certificate using default settings
RootCertificateGenerator rootCertificateGenerator = RootCertificateGenerator.builder().build();

		    // save the newly-generated Root Certificate and Private Key -- the .cer file can be imported 
		    // directly into a browser

// rootCertificateGenerator.saveRootCertificateAsPemFile(new File("D://browsermob//ca-certificate-ec1.cer"));
// rootCertificateGenerator.savePrivateKeyAsPemFile(new File("D://browsermob//key1.pem"), "SHA384");

		    // or save the certificate and private key as a PKCS12 keystore, for later use
		    rootCertificateGenerator.saveRootCertificateAndKey("PKCS12", new File("D://browsermob//keystore.p12"),"privateKeyAlias", "SHA384");

		    // tell the ImpersonatingMitmManager  use the RootCertificateGenerator we just configured
		    ImpersonatingMitmManager mitmManager = ImpersonatingMitmManager.builder()
		            .rootCertificateSource(rootCertificateGenerator)
		            .build();
		    
		    server.setTrustAllServers(true);
		    
		    // tell LittleProxy to use the ImpersonatingMitmManager when MITMing
		    HttpProxyServer  proxyServer  = DefaultHttpProxyServer.bootstrap()
		            .withManInTheMiddle(mitmManager)
		            .start();
		  
		    server.setMitmManager(mitmManager);
			server.enableHarCaptureTypes(CaptureType.REQUEST_CONTENT, CaptureType.RESPONSE_CONTENT);
			
			server.start();
			browserMobServer = new BrowserMobServer(server);
			browserMobServer.setServer(server);

			// ==============SELENIUM PROXY=============
			Proxy proxy = ClientUtil.createSeleniumProxy(server);

			// ==============Firefox Profile=============
			FirefoxProfile profile = new FirefoxProfile();
			profile.setAcceptUntrustedCertificates(true);
			// ==============DERSIRED CAPABILITIES=============
			DesiredCapabilities capabilities = new DesiredCapabilities();
			capabilities.setCapability(CapabilityType.PROXY, proxy);
			capabilities.setCapability(FirefoxDriver.PROFILE, profile);
			capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);

			// =================FIREFOX DRIVER INITIATING==================
			REAL_DRIVER = new FirefoxDriver(capabilities);
			REAL_DRIVER.manage().window().maximize();
			REAL_DRIVER.manage().timeouts().implicitlyWait(15, TimeUnit.SECONDS);
			REAL_DRIVER.manage().deleteAllCookies();

My Complete Stacktrace:
Scenario Outline: Customer search by CAC - not expanded �[90m# au/com/telstra/cat/feature/PLR.feature:13�[0m
�[36mWhen �[0m�[36mthe contact is by searching through �[0m
�[36mThen �[0m�[36mthe header bar needs to reflect customername�[0m
�[36mAnd �[0m�[36ma plr log for should be generated with expected key values �[0m

Examples: UatEnv - FN2

[2017-03-01T18:18:44,587] INFO [main][] - RootCertificateGenerator.generateRootCertificate(RootCertificateGenerator.java:113) - Generated CA root certificate and private key in 990ms. Key generator: RSA (2048). Signature algorithm: SHA384.
[2017-03-01T18:18:45,118] INFO [main][] - DefaultHttpProxyServer.start(DefaultHttpProxyServer.java:485) - Starting proxy at address: /127.0.0.1:8080
[2017-03-01T18:18:45,177] INFO [main][] - DefaultHttpProxyServer.doStart(DefaultHttpProxyServer.java:514) - Proxy listening with TCP transport
[2017-03-01T18:18:45,596] INFO [main][] - DefaultHttpProxyServer.doStart(DefaultHttpProxyServer.java:549) - Proxy started at address: /127.0.0.1:8080
[2017-03-01T18:18:45,602] INFO [main][] - DefaultHttpProxyServer.start(DefaultHttpProxyServer.java:485) - Starting proxy at address: 0.0.0.0/0.0.0.0:0
[2017-03-01T18:18:45,614] INFO [main][] - DefaultHttpProxyServer.doStart(DefaultHttpProxyServer.java:514) - Proxy listening with TCP transport
[2017-03-01T18:18:45,616] INFO [main][] - DefaultHttpProxyServer.doStart(DefaultHttpProxyServer.java:549) - Proxy started at address: /0:0:0:0:0:0:0:0:55783
[2017-03-01T18:18:52,402] INFO [LittleProxy-1-ProxyToServerWorker-0][] - ProxyToServerConnection.connectionFailed(ProxyToServerConnection.java:776) - (HANDSHAKING) [id: 0x353de70b, L:0.0.0.0/0.0.0.0:55801 ! R:fn2.cat.np.in.telstra.com.au/10.191.201.153:443]: Connection to upstream server failed
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431) ~[?:1.8.0_101]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:1.8.0_101]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[?:1.8.0_101]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:1.8.0_101]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_101]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1097) [browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:968) [browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:902) [browsermob-dist-2.1.4.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [browsermob-dist-2.1.4.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:651) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:574) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:488) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:450) [browsermob-dist-2.1.4.jar:?]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873) [browsermob-dist-2.1.4.jar:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_101]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_101]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[?:1.8.0_101]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[?:1.8.0_101]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1123) [browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1008) [browsermob-dist-2.1.4.jar:?]
... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[?:1.8.0_101]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_101]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[?:1.8.0_101]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[?:1.8.0_101]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1123) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1008) ~[browsermob-dist-2.1.4.jar:?]
... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_101]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_101]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_101]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_101]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_101]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[?:1.8.0_101]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[?:1.8.0_101]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1123) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1008) ~[browsermob-dist-2.1.4.jar:?]
... 17 more
[2017-03-01T18:18:52,421]ERROR [LittleProxy-1-ProxyToServerWorker-0][] - ProxyToServerConnection.exceptionCaught(ProxyToServerConnection.java:442) - (DISCONNECTED) [id: 0x353de70b, L:0.0.0.0/0.0.0.0:55801 ! R:fn2.cat.np.in.telstra.com.au/10.191.201.153:443]: Caught an exception on ProxyToServerConnection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:442) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:651) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:574) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:488) [browsermob-dist-2.1.4.jar:?]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:450) [browsermob-dist-2.1.4.jar:?]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873) [browsermob-dist-2.1.4.jar:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_101]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431) ~[?:1.8.0_101]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:1.8.0_101]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) ~[?:1.8.0_101]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) ~[?:1.8.0_101]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) ~[?:1.8.0_101]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1097) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:968) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:902) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) ~[browsermob-dist-2.1.4.jar:?]
... 15 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_101]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[?:1.8.0_101]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[?:1.8.0_101]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1123) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1008) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:902) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) ~[browsermob-dist-2.1.4.jar:?]
... 15 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[?:1.8.0_101]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_101]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[?:1.8.0_101]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[?:1.8.0_101]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1123) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1008) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:902) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) ~[browsermob-dist-2.1.4.jar:?]
... 15 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_101]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_101]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_101]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_101]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_101]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:1.8.0_101]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[?:1.8.0_101]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[?:1.8.0_101]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_101]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[?:1.8.0_101]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1123) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1008) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:902) ~[browsermob-dist-2.1.4.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) ~[browsermob-dist-2.1.4.jar:?]
... 15 more
[2017-03-01T18:18:52,905] INFO [LittleProxy-1-ClientToProxyWorker-1][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x505631cf, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55783 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55804]: Bad Host shavar.services.mozilla.com:443
[2017-03-01T18:18:54,005] INFO [LittleProxy-1-ClientToProxyWorker-2][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0xd625790a, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55783 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55807]: Bad Host http://ocsp.digicert.com/
[2017-03-01T18:18:54,013] INFO [LittleProxy-1-ClientToProxyWorker-2][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0xd625790a, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55783 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55807]: Bad Host http://ocsp.digicert.com/
[2017-03-01T18:18:54,222] INFO [LittleProxy-1-ClientToProxyWorker-4][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0xe6e85c7d, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55783 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55809]: Bad Host tiles-cloudfront.cdn.mozilla.net:443
[2017-03-01T18:18:54,346] INFO [LittleProxy-1-ClientToProxyWorker-5][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x837e32b8, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55783 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:55810]: Bad Host search.services.mozilla.com:443
org.openqa.selenium.NoSuchElementException: Unable to locate element: {"method":"id","selector":"username"}
Command duration or timeout: 15.14 seconds
For documentation on this error, please visit: http://seleniumhq.org/exceptions/no_such_element.html
Build info: version: '2.53.0', revision: '35ae25b1534ae328c771e0856c93e187490ca824', time: '2016-03-15 10:43:46'
System info: host: 'WYD072478TR930', ip: '147.132.90.120', os.name: 'Windows 7', os.arch: 'amd64', os.version: '6.1', java.version: '1.8.0_101'
Driver info: org.openqa.selenium.firefox.FirefoxDriver
Capabilities [{applicationCacheEnabled=true, rotatable=false, handlesAlerts=true, databaseEnabled=true, version=47.0.2, platform=WINDOWS, nativeEvents=false, acceptSslCerts=true, webStorageEnabled=true, locationContextEnabled=true, browserName=firefox, takesScreenshot=true, javascriptEnabled=true, cssSelectorsEnabled=true}]
Session ID: 2c62ad94-8715-416c-b8e1-758a9868e181
*** Element info: {Using=id, value=username}
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.openqa.selenium.remote.ErrorHandler.createThrowable(ErrorHandler.java:206)
at org.openqa.selenium.remote.ErrorHandler.throwIfResponseFailed(ErrorHandler.java:158)
at org.openqa.selenium.remote.RemoteWebDriver.execute(RemoteWebDriver.java:678)
at org.openqa.selenium.remote.RemoteWebDriver.findElement(RemoteWebDriver.java:363)
at org.openqa.selenium.remote.RemoteWebDriver.findElementById(RemoteWebDriver.java:413)
at org.openqa.selenium.By$ById.findElement(By.java:218)
at org.openqa.selenium.remote.RemoteWebDriver.findElement(RemoteWebDriver.java:355)
at au.com.telstra.cat.SharedDriver.(SharedDriver.java:159)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.picocontainer.injectors.AbstractInjector.newInstance(AbstractInjector.java:145)
at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:342)
at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
at org.picocontainer.injectors.ConstructorInjector$CtorAndAdapters.getParameterArguments(ConstructorInjector.java:309)
at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:335)
at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:678)
at cucumber.runtime.java.picocontainer.PicoFactory.getInstance(PicoFactory.java:37)
at cucumber.runtime.java.JavaStepDefinition.execute(JavaStepDefinition.java:38)
at cucumber.runtime.StepDefinitionMatch.runStep(StepDefinitionMatch.java:37)
at cucumber.runtime.Runtime.runStep(Runtime.java:299)
at cucumber.runtime.model.StepContainer.runStep(StepContainer.java:44)
at cucumber.runtime.model.StepContainer.runSteps(StepContainer.java:39)
at cucumber.runtime.model.CucumberScenario.runBackground(CucumberScenario.java:59)
at cucumber.runtime.model.CucumberScenario.run(CucumberScenario.java:42)
at cucumber.runtime.junit.ExecutionUnitRunner.run(ExecutionUnitRunner.java:91)
at org.junit.runners.Suite.runChild(Suite.java:128)
at org.junit.runners.Suite.runChild(Suite.java:27)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at cucumber.runtime.junit.ExamplesRunner.run(ExamplesRunner.java:59)
at org.junit.runners.Suite.runChild(Suite.java:128)
at org.junit.runners.Suite.runChild(Suite.java:27)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at cucumber.runtime.junit.ScenarioOutlineRunner.run(ScenarioOutlineRunner.java:53)
at cucumber.runtime.junit.FeatureRunner.runChild(FeatureRunner.java:63)
at cucumber.runtime.junit.FeatureRunner.runChild(FeatureRunner.java:18)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at cucumber.runtime.junit.FeatureRunner.run(FeatureRunner.java:70)
at cucumber.api.junit.Cucumber.runChild(Cucumber.java:93)
at cucumber.api.junit.Cucumber.runChild(Cucumber.java:37)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at cucumber.api.junit.Cucumber.run(Cucumber.java:98)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
Caused by: org.openqa.selenium.NoSuchElementException: Unable to locate element: {"method":"id","selector":"username"}
For documentation on this error, please visit: http://seleniumhq.org/exceptions/no_such_element.html
Build info: version: '2.53.0', revision: '35ae25b1534ae328c771e0856c93e187490ca824', time: '2016-03-15 10:43:46'
System info: host: 'WYD072478TR930', ip: '147.132.90.120', os.name: 'Windows 7', os.arch: 'amd64', os.version: '6.1', java.version: '1.8.0_101'
Driver info: driver.version: unknown
at .FirefoxDriver.prototype.findElementInternal_(file:///C:/Users/d821636/AppData/Local/Temp/anonymous8920572391369016583webdriver-profile/extensions/fxdriver@googlecode.com/components/driver-component.js:10770)
at .fxdriver.Timer.prototype.setTimeout/<.notify(file:///C:/Users/d821636/AppData/Local/Temp/anonymous8920572391369016583webdriver-profile/extensions/fxdriver@googlecode.com/components/driver-component.js:625)

@jekh
Copy link
Collaborator

jekh commented Mar 1, 2017

Does the upstream server you're connecting to have a valid certificate? An invalid certificate is typically what this error means:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I'm also a bit confused by the code you pasted. It looks like you're starting a BMP instance and an LP instance?

@lnallan
Copy link
Author

lnallan commented Mar 2, 2017

Hi Jekh,

I have added setTrustAllServersTrue and it was able to open the application url. However some calls are still getting: bad host - clienttoproxycoonection.doReadHTTPinitial error as below:- Could you please assist me - why these calls are still blocked?

[LittleProxy-0-ClientToProxyWorker-0][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL)
[2017-03-02T18:38:53,043] INFO [main][] - RootCertificateGenerator.generateRootCertificate(RootCertificateGenerator.java:113) - Generated CA root certificate and private key in 979ms. Key generator: RSA (2048). Signature algorithm: SHA384.
[2017-03-02T18:38:53,526] INFO [main][] - DefaultHttpProxyServer.start(DefaultHttpProxyServer.java:485) - Starting proxy at address: 0.0.0.0/0.0.0.0:0
[2017-03-02T18:38:53,578] INFO [main][] - DefaultHttpProxyServer.doStart(DefaultHttpProxyServer.java:514) - Proxy listening with TCP transport
[2017-03-02T18:38:53,957] INFO [main][] - DefaultHttpProxyServer.doStart(DefaultHttpProxyServer.java:549) - Proxy started at address: /0:0:0:0:0:0:0:0:62355
[2017-03-02T18:39:00,832] INFO [LittleProxy-0-ClientToProxyWorker-0][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x3bb4d864, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62373]: Bad Host http://ocsp.digicert.com/
[2017-03-02T18:39:00,877] WARN [LittleProxy-0-ClientToProxyWorker-1][] - SslUtil.getUpstreamServerSslContext(SslUtil.java:85) - Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.
[2017-03-02T18:39:00,950] INFO [LittleProxy-0-ClientToProxyWorker-0][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x3bb4d864, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62373]: Bad Host http://ocsp.digicert.com/
[2017-03-02T18:39:01,051] INFO [LittleProxy-0-ClientToProxyWorker-2][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0xd070b316, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62379]: Bad Host tiles-cloudfront.cdn.mozilla.net:443
[2017-03-02T18:39:01,275] INFO [LittleProxy-0-ClientToProxyWorker-3][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x14ce8605, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62380]: Bad Host search.services.mozilla.com:443
[2017-03-02T18:39:01,688] INFO [LittleProxy-0-ClientToProxyWorker-5][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x1f615dde, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62383]: Bad Host shavar.services.mozilla.com:443
[2017-03-02T18:39:02,204] INFO [LittleProxy-0-ClientToProxyWorker-7][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x5e13a65c, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62386]: Bad Host www.telstra.com.au:443
[2017-03-02T18:39:02,366] INFO [LittleProxy-0-ClientToProxyWorker-7][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x5e13a65c, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62386]: Bad Host www.telstra.com.au:443
[2017-03-02T18:39:04,919] INFO [LittleProxy-0-ClientToProxyWorker-7][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x5e13a65c, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62386]: Bad Host www.telstra.com.au:443
[2017-03-02T18:39:06,420] INFO [LittleProxy-0-ClientToProxyWorker-7][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x5e13a65c, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62386]: Bad Host www.telstra.com.au:443

Here is my modified code:
// ==============PROXY SERVER=============
if (!(server != null)) {
server = new BrowserMobProxyServer();
}
// create a CA Root Certificate using default settings
RootCertificateGenerator rootCertificateGenerator = RootCertificateGenerator.builder().build();
rootCertificateGenerator.saveRootCertificateAndKey("PKCS12", new File("D://browsermob//keystore.p12"),"privateKeyAlias", "SHA384");

		    // tell the ImpersonatingMitmManager  use the RootCertificateGenerator we just configured
		    ImpersonatingMitmManager mitmManager = ImpersonatingMitmManager.builder()
		            .rootCertificateSource(rootCertificateGenerator)
		            **.trustAllServers(true)** // added this line
		            .build();
		    server.setMitmManager(mitmManager);
			server.enableHarCaptureTypes(CaptureType.REQUEST_CONTENT, CaptureType.RESPONSE_CONTENT);
			server.start();
			browserMobServer = new BrowserMobServer(server);
			browserMobServer.setServer(server);
				// ==============SELENIUM PROXY=============
				Proxy proxy = ClientUtil.createSeleniumProxy(server);
				// ==============Firefox Profile=============
				profile = new FirefoxProfile();
				profile.setAcceptUntrustedCertificates(true);
				JavaScriptError.addExtension(profile);

				// ==============DERSIRED CAPABILITIES=============
				capabilities = new DesiredCapabilities();
				capabilities.setCapability(CapabilityType.PROXY, proxy);
				capabilities.setCapability(FirefoxDriver.PROFILE, profile);
				capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);

				// =================FIREFOX DRIVER
				// INITIATING==================
				REAL_DRIVER = new FirefoxDriver(capabilities);
			}
			REAL_DRIVER.manage().window().maximize();
			REAL_DRIVER.manage().timeouts().implicitlyWait(15, TimeUnit.SECONDS);
			REAL_DRIVER.manage().deleteAllCookies();

			if (System.getProperty("url") != null) {
				URL = System.getProperty("url");
			} else {
				URL = "https://applicationurl.com";
			}

			REAL_DRIVER.get(URL);
			REAL_DRIVER.findElement(By.id("username")).sendKeys("******");
			REAL_DRIVER.findElement(By.id("password")).sendKeys("******");

			REAL_DRIVER.findElement(By.id("submit-btn")).click();

			Runtime.getRuntime().addShutdownHook(CLOSE_THREAD);

@lnallan
Copy link
Author

lnallan commented Mar 2, 2017

Hey Jekh -- In response to your questions:-

  1. I have updated the code to use only the BMP
  2. I donot know what is an upstream server. I have not connected to any upstream server in my code.

@jekh
Copy link
Collaborator

jekh commented Mar 5, 2017

The upstream server is whatever server the request is going to. It is the server that the proxy connects to. It must have a valid certificate, or the trustAllServers option must be set to true.

@lnallan
Copy link
Author

lnallan commented Mar 7, 2017

I have added setTrustAllServersTrue and it was able to open the application url. However some calls are still getting: bad host - clienttoproxycoonection.doReadHTTPinitial error as below:- Could you please assist me - why these calls are still blocked?

[LittleProxy-0-ClientToProxyWorker-0][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL)
[2017-03-02T18:38:53,043] INFO [main][] - RootCertificateGenerator.generateRootCertificate(RootCertificateGenerator.java:113) - Generated CA root certificate and private key in 979ms. Key generator: RSA (2048). Signature algorithm: SHA384.
[2017-03-02T18:38:53,526] INFO [main][] - DefaultHttpProxyServer.start(DefaultHttpProxyServer.java:485) - Starting proxy at address: 0.0.0.0/0.0.0.0:0
[2017-03-02T18:38:53,578] INFO [main][] - DefaultHttpProxyServer.doStart(DefaultHttpProxyServer.java:514) - Proxy listening with TCP transport
[2017-03-02T18:38:53,957] INFO [main][] - DefaultHttpProxyServer.doStart(DefaultHttpProxyServer.java:549) - Proxy started at address: /0:0:0:0:0:0:0:0:62355
[2017-03-02T18:39:00,832] INFO [LittleProxy-0-ClientToProxyWorker-0][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x3bb4d864, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62373]: Bad Host http://ocsp.digicert.com/
[2017-03-02T18:39:00,877] WARN [LittleProxy-0-ClientToProxyWorker-1][] - SslUtil.getUpstreamServerSslContext(SslUtil.java:85) - Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.
[2017-03-02T18:39:00,950] INFO [LittleProxy-0-ClientToProxyWorker-0][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x3bb4d864, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62373]: Bad Host http://ocsp.digicert.com/
[2017-03-02T18:39:01,051] INFO [LittleProxy-0-ClientToProxyWorker-2][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0xd070b316, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62379]: Bad Host tiles-cloudfront.cdn.mozilla.net:443
[2017-03-02T18:39:01,275] INFO [LittleProxy-0-ClientToProxyWorker-3][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x14ce8605, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62380]: Bad Host search.services.mozilla.com:443
[2017-03-02T18:39:01,688] INFO [LittleProxy-0-ClientToProxyWorker-5][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x1f615dde, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62383]: Bad Host shavar.services.mozilla.com:443
[2017-03-02T18:39:02,204] INFO [LittleProxy-0-ClientToProxyWorker-7][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x5e13a65c, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62386]: Bad Host www.telstra.com.au:443
[2017-03-02T18:39:02,366] INFO [LittleProxy-0-ClientToProxyWorker-7][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x5e13a65c, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62386]: Bad Host www.telstra.com.au:443
[2017-03-02T18:39:04,919] INFO [LittleProxy-0-ClientToProxyWorker-7][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x5e13a65c, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62386]: Bad Host www.telstra.com.au:443
[2017-03-02T18:39:06,420] INFO [LittleProxy-0-ClientToProxyWorker-7][] - ClientToProxyConnection.doReadHTTPInitial(ClientToProxyConnection.java:305) - (AWAITING_INITIAL) [id: 0x5e13a65c, L:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62355 - R:/fe80:0:0:0:21b1:5d4f:d302:c716%11:62386]: Bad Host www.telstra.com.au:443

Here is my modified code:
// ==============PROXY SERVER=============
if (!(server != null)) {
server = new BrowserMobProxyServer();
}
// create a CA Root Certificate using default settings
RootCertificateGenerator rootCertificateGenerator = RootCertificateGenerator.builder().build();
rootCertificateGenerator.saveRootCertificateAndKey("PKCS12", new File("D://browsermob//keystore.p12"),"privateKeyAlias", "SHA384");

	    // tell the ImpersonatingMitmManager  use the RootCertificateGenerator we just configured
	    ImpersonatingMitmManager mitmManager = ImpersonatingMitmManager.builder()
	            .rootCertificateSource(rootCertificateGenerator)
	            **.trustAllServers(true)** // added this line
	            .build();
	    server.setMitmManager(mitmManager);
		server.enableHarCaptureTypes(CaptureType.REQUEST_CONTENT, CaptureType.RESPONSE_CONTENT);
		server.start();
		browserMobServer = new BrowserMobServer(server);
		browserMobServer.setServer(server);
			// ==============SELENIUM PROXY=============
			Proxy proxy = ClientUtil.createSeleniumProxy(server);
			// ==============Firefox Profile=============
			profile = new FirefoxProfile();
			profile.setAcceptUntrustedCertificates(true);
			JavaScriptError.addExtension(profile);

			// ==============DERSIRED CAPABILITIES=============
			capabilities = new DesiredCapabilities();
			capabilities.setCapability(CapabilityType.PROXY, proxy);
			capabilities.setCapability(FirefoxDriver.PROFILE, profile);
			capabilities.setCapability(CapabilityType.ACCEPT_SSL_CERTS, true);

			// =================FIREFOX DRIVER
			// INITIATING==================
			REAL_DRIVER = new FirefoxDriver(capabilities);
		}
		REAL_DRIVER.manage().window().maximize();
		REAL_DRIVER.manage().timeouts().implicitlyWait(15, TimeUnit.SECONDS);
		REAL_DRIVER.manage().deleteAllCookies();

		if (System.getProperty("url") != null) {
			URL = System.getProperty("url");
		} else {
			URL = "https://applicationurl.com";
		}

		REAL_DRIVER.get(URL);
		REAL_DRIVER.findElement(By.id("username")).sendKeys("*****");
		REAL_DRIVER.findElement(By.id("password")).sendKeys("******");

		REAL_DRIVER.findElement(By.id("submit-btn")).click();

		Runtime.getRuntime().addShutdownHook(CLOSE_THREAD);

@patotskiy
Copy link

Hi all,

We have same issue. Who knows how to resolve this issue?

@dpapworth
Copy link

I suggest checking to see if the certificate authority needs to be added - Oracle doesn't update the default CAs in the JDK often. ;(

Also, the certificate might require the JDK crypto extension installed, depending on the key strength being used.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants