Skip to content
This repository has been archived by the owner on Jun 1, 2018. It is now read-only.

Cannot establish TLS with client (sni: beacons5.gvt3.com): TlsException("(-1, 'Unexpected EOF')",) #17

Closed
gratzz opened this issue Aug 23, 2017 · 2 comments
Closed

Cannot establish TLS with client (sni: beacons5.gvt3.com): TlsException("(-1, 'Unexpected EOF')",) #17

gratzz opened this issue Aug 23, 2017 · 2 comments

Comments

@gratzz
Copy link

gratzz commented Aug 23, 2017

Hello,

Using the mitmproxy docker container and using a specific application I get these unexpected EOF.
The unfortunate part is I don't have control of the application.
I have imported the certificate and can browse with common browsers.
I can use wget and get the same link that I need to work.

Furthermore I redirect a stream to a server and I see the process complete successfully on that server. So I know that the client request hits mitm, sends the right data then mitm reaches out to the server pulls the data gets a 200 then the application or something pukes on the return trip. It is possible that the returned data is malformed but wget works fine and returned data is not malformed.

I installed it with this.
sudo docker pull mitmproxy/mitmproxy

I have run it many ways finally ending up with:
sudo docker -D run -v /home/ec2-user/gdev/misc-scripts/mitmproxy:/scripts -p 48080:8080 mitmproxy/mitmproxy mitmdump --ssl-version-client TLSv1_2 --ssl-version-server TLSv1_2 --insecure --anticache -s /scripts/httpproxy.py

The httpproxy.py looks for a every specific thing. So for the most part it rarely fires.

    if not flow.request.url[-3:] == 'qvt':
        return
    else:
        debug = True
    resp = str(flow.response.content, 'utf-8')
    data = json.loads(resp) etc...

Here are the errors I see.
174.52.2.243:51503: CONNECT beacons5.gvt3.com:443
<< Cannot establish TLS with client (sni: beacons5.gvt3.com): TlsException("(-1, 'Unexpected EOF')",)
174.52.2.243:51503: clientdisconnect
174.52.2.243:51508: clientconnect
174.52.2.243:51508: CONNECT clients4.google.com:443
<< Cannot establish TLS with client (sni: clients4.google.com): TlsException("(-1, 'Unexpected EOF')",)
174.52.2.243:51508: clientdisconnect
174.52.2.243:51509: clientconnect
174.52.2.243:51509: CONNECT discourse.mitmproxy.org:443
<< Cannot establish TLS with client (sni: discourse.mitmproxy.org): TlsException("(-1, 'Unexpected EOF')",)

I have attached a pcap with what I think is the client and server side of the failed connection if it helps.
brokensession.zip

Any help or suggestions would be appreciated the only thing I can find on the internet with the same error referenced openssl and was specific to safari.
@gratzz
Copy link
Author

gratzz commented Aug 23, 2017
edited

Oh side note the pcap was taken at the docker host with a tcpdump -i any so there is some duplication as the packet moves from the vm to the docker container the 172.17.0.3 is the docker container
The application I'm trying to redirect is the sling tv application running on windows 10 pro

@mhils
Copy link
Member

mhils commented Aug 23, 2017

Hi,

if it works with other applications than your specific one, this looks like your specific application does not consider mitmproxy's CA certificate as trusted. This is not a mitmproxy bug and we can't do anything about this.

@mhils mhils closed this as completed Dec 4, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mhils @gratzz