Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL decrypt not working with Fiddler #10

Open
AlexGuo1998 opened this issue Jan 10, 2021 · 0 comments
Open

SSL decrypt not working with Fiddler #10

AlexGuo1998 opened this issue Jan 10, 2021 · 0 comments

Comments

@AlexGuo1998
Copy link

As far as I know, Fiddler generates certificates using hostname in CONNECT message, rather than from SNI.
Now when we send CONNECT, we may have not retrieved the hostname from SNI, making the certificate unusable. (i.e. CN=some IP address)
I suggest CONNECT be delayed to the Client Hello message. A quick fix can be:

TunProxy/android_app/app/src/main/cpp/tcp.c

Lines 732 to 735 in d68818a

if (cur->tcp.connect_sent == TCP_CONNECT_NOT_SENT) {
if (len > 0) {
char buffer[512];
sprintf(buffer, "CONNECT %s:443 HTTP/1.0\r\n\r\n", cur->tcp.hostname);

Change if (len > 0) to if (len > 0 && datalen > 0).
This assumes we got some data before CONNECT, which is likely to be Client Hello.

BTW thanks for the application! It helped me a lot.
kagasu added a commit to kagasu/TunProxy that referenced this issue Apr 1, 2021
@kagasu
fix
53f06c2 
raise-isayan#10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@AlexGuo1998