starred/Proxyman
1
0
Fork 0
mirror of https://github.com/ProxymanApp/Proxyman.git synced 2026-04-25 16:15:55 +03:00
Code Issues 1.2k Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1007] SSL proxying does not work for connections to apple.com #1002

New issue
Open
opened 2026-03-03 19:23:40 +03:00 by kerem · 9 comments
kerem commented 2026-03-03 19:23:40 +03:00
Owner
Copy link

Originally created by @vprelovac on GitHub (Sep 25, 2021).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1007

Originally assigned to: @NghiaTranUIT on GitHub.

Proxyman version? (Ex. Proxyman 1.4.3)

Latest

macOS Version? (Ex. mac 10.14)

11.5

Steps to reproduce

Turn on SSL proxying for apple.com

Expected behavior

apple.com loads

Instead it fails to load with:

SSL Handshake Failed
handshakeFailed(NIOSSL.BoringSSLError.sslError([]))

Screenshots (optional)

Screen 2021-09-25 at 13 00 37@2x

Screen 2021-09-25 at 12 58 58@2x

Proxyman cert is installed and trusted.

Originally created by @vprelovac on GitHub (Sep 25, 2021). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1007 Originally assigned to: @NghiaTranUIT on GitHub. ### Proxyman version? (Ex. Proxyman 1.4.3) Latest ### macOS Version? (Ex. mac 10.14) 11.5 ### Steps to reproduce Turn on SSL proxying for apple.com ### Expected behavior apple.com loads Instead it fails to load with: SSL Handshake Failed handshakeFailed(NIOSSL.BoringSSLError.sslError([])) ### Screenshots (optional) ![Screen 2021-09-25 at 13 00 37@2x](https://user-images.githubusercontent.com/4319401/134784641-66faf249-936b-4bcc-99ac-34e74f1662ef.jpg) ![Screen 2021-09-25 at 12 58 58@2x](https://user-images.githubusercontent.com/4319401/134784607-324ccfa5-9f3f-481c-90f6-ccd0668b5cb4.jpg) Proxyman cert is installed and trusted.
kerem commented 2026-03-03 19:23:41 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Sep 26, 2021):

Hey, this issue happens with Charles Proxy and Fiddler too. For some reason, Safari rejects all SSL from self-signed certificates and there is no way to fix it.

If you try to sniff apple.com from Google Chrome, it works fine without any problems 👍

I suppose that it's an intention from Apple to prevent being intercepted from Mitm apps.

<!-- gh-comment-id:927209929 --> @NghiaTranUIT commented on GitHub (Sep 26, 2021): Hey, this issue happens with Charles Proxy and Fiddler too. For some reason, Safari rejects all SSL from self-signed certificates and there is no way to fix it. If you try to sniff apple.com from Google Chrome, it works fine without any problems 👍 I suppose that it's an intention from Apple to prevent being intercepted from Mitm apps.
kerem commented 2026-03-03 19:23:41 +03:00
Author
Owner
Copy link

@vprelovac commented on GitHub (Sep 26, 2021):

Thank you for your comment. I am interested in the origin of the touch icon for apple.com that Safari uses and clearly downloads from apple.com.

Screen 2021-09-26 at 08 33 10@2x

However it is not https://apple.com/apple-touch-icon.png

Laying it out there in case you had other ideas how to get it.

<!-- gh-comment-id:927325056 --> @vprelovac commented on GitHub (Sep 26, 2021): Thank you for your comment. I am interested in the origin of the touch icon for apple.com that Safari uses and clearly downloads from apple.com. ![Screen 2021-09-26 at 08 33 10@2x](https://user-images.githubusercontent.com/4319401/134814377-a56d16a5-52f5-42d7-8216-1a22fa250bae.jpg) However it is not https://apple.com/apple-touch-icon.png Laying it out there in case you had other ideas how to get it.
kerem commented 2026-03-03 19:23:41 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Sep 27, 2021):

I'm not sure how to find the touch icon you'd like. Maybe we can get from the Developer Inspector or parse the <head> of apple website 🤔

<!-- gh-comment-id:927543565 --> @NghiaTranUIT commented on GitHub (Sep 27, 2021): I'm not sure how to find the touch icon you'd like. Maybe we can get from the Developer Inspector or parse the <head> of apple website 🤔
kerem commented 2026-03-03 19:23:41 +03:00
Author
Owner
Copy link

@vprelovac commented on GitHub (Sep 27, 2021):

Apple seems to use a non-standard file name for it and SSL proxy was my only hope. As you said none of the others work too and I tried them all. Thanks for looking into it anyway.

<!-- gh-comment-id:927886008 --> @vprelovac commented on GitHub (Sep 27, 2021): Apple seems to use a non-standard file name for it and SSL proxy was my only hope. As you said none of the others work too and I tried them all. Thanks for looking into it anyway.
kerem commented 2026-03-03 19:23:41 +03:00
Author
Owner
Copy link

@VaslD commented on GitHub (Nov 19, 2021):

https://www.apple.com/apple-touch-icon.png

The file apple-touch-icon.png in the root/home directory of the website is used unless a link is specified in the <head> element of the web page:

<link rel="apple-touch-icon" href="/icons/from/somewhere-else.png"/>

This isn't RFC'd but is pretty much universal on all major websites. Like https://facebook.com/apple-touch-icon.png

Edit: Found documentation: https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html

<!-- gh-comment-id:974162592 --> @VaslD commented on GitHub (Nov 19, 2021): https://www.apple.com/apple-touch-icon.png The file `apple-touch-icon.png` in the root/home directory of the website is used unless a link is specified in the `<head>` element of the web page: ``` <link rel="apple-touch-icon" href="/icons/from/somewhere-else.png"/> ``` This isn't RFC'd but is pretty much universal on all major websites. Like https://facebook.com/apple-touch-icon.png Edit: Found documentation: https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html
kerem commented 2026-03-03 19:23:41 +03:00
Author
Owner
Copy link

@chrise86 commented on GitHub (Dec 17, 2021):

For some reason I can't even see requests made to itunes.apple.com, yet can see other apple related calls.

<!-- gh-comment-id:996861693 --> @chrise86 commented on GitHub (Dec 17, 2021): For some reason I can't even _see_ requests made to `itunes.apple.com`, yet can see other apple related calls.
kerem commented 2026-03-03 19:23:41 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Dec 19, 2021):

There are many reasons why you might not see the itunes.apple.com. One of the reasons is that this traffic doesn't go through the System HTTP/HTTPS Proxy, where Proxyman is listening. It might intentionally be designed this way to prevent being captured from the MitM app.

Even though we can capture itunes.apple.com, but you couldn't intercept their HTTPS Traffic, because it's protected by SSL Pinning.

<!-- gh-comment-id:997325207 --> @NghiaTranUIT commented on GitHub (Dec 19, 2021): There are many reasons why you might not see the `itunes.apple.com`. One of the reasons is that this traffic doesn't go through the System HTTP/HTTPS Proxy, where Proxyman is listening. It might intentionally be designed this way to prevent being captured from the MitM app. Even though we can capture `itunes.apple.com`, but you couldn't intercept their HTTPS Traffic, because it's protected by SSL Pinning.
kerem commented 2026-03-03 19:23:41 +03:00
Author
Owner
Copy link

@chrise86 commented on GitHub (Dec 19, 2021):

There are many reasons why you might not see the itunes.apple.com. One of the reasons is that this traffic doesn't go through the System HTTP/HTTPS Proxy, where Proxyman is listening. It might intentionally be designed this way to prevent being captured from the MitM app.

Even though we can capture itunes.apple.com, but you couldn't intercept their HTTPS Traffic, because it's protected by SSL Pinning.

The request is inside a react native app. Although, I’ve noticed Proxyman randomly not showing some requests sometimes, but showing them randomly at other times, so I’m not sure what it is currently.

<!-- gh-comment-id:997439869 --> @chrise86 commented on GitHub (Dec 19, 2021): > There are many reasons why you might not see the `itunes.apple.com`. One of the reasons is that this traffic doesn't go through the System HTTP/HTTPS Proxy, where Proxyman is listening. It might intentionally be designed this way to prevent being captured from the MitM app. > > Even though we can capture `itunes.apple.com`, but you couldn't intercept their HTTPS Traffic, because it's protected by SSL Pinning. The request is inside a react native app. Although, I’ve noticed Proxyman randomly not showing some requests sometimes, but showing them randomly at other times, so I’m not sure what it is currently.
kerem commented 2026-03-03 19:23:41 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Dec 20, 2021):

Can you share with me what the App is? I'd like to download and test it.

As it's a React native app, so it might not respect the HTTP System Proxy too. Doc: https://docs.proxyman.io/debug-devices/react-native

<!-- gh-comment-id:997524870 --> @NghiaTranUIT commented on GitHub (Dec 20, 2021): Can you share with me what the App is? I'd like to download and test it. As it's a React native app, so it might not respect the HTTP System Proxy too. Doc: https://docs.proxyman.io/debug-devices/react-native
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
6.9.0
6.8.0
6.7.0
6.6.0
6.5.0
6.4.0
6.3.0
6.2.0
6.1.0
6.0.2
6.0.0
6.0.1
5.25.0
5.24.0
5.23.0
5.23.1
5.22.0
5.20.0
5.21.0
5.19.0
5.18.0
5.17.0
5.16.0
5.15.0
5.14.0
5.12.2
5.12.1
5.12.0
5.11.0
5.10.0
5.8.0
5.9.0
5.7.0
5.6.1
5.6.0
5.5.0
5.4.0
5.2.0
5.3.0
5.1.1
5.0.0
4.16.0
4.15.0
4.14.0
4.13.0
4.12.0
4.11.0
4.10.0
4.9.1
4.9.0
4.8.2
4.8.1
4.8.0
4.7.1
4.7.0
4.6.1
4.6.0
4.5.0
4.4.0
4.3.1
4.3.0
4.2.1
4.2.0
4.1.0
4.0.0
3.15.0
3.14.0
3.13.0
3.12.0
3.11.0
3.10.0
3.9.0
3.8.0
3.7.0
3.6.2
3.6.1
3.6.0
3.5.2
3.5.1
3.5.0
3.4.0
3.3.0
3.2.0
3.1.0
3.0.0
2.35.4
2.35.3
2.35.2
2.35.1
2.35.0
2.34.1
2.34.0
2.33.0
2.32.1
2.32.0
2.31.0
2.30.0
2.29.0
2.28.0
2.27.0
2.26.0
2.25.0
2.24.0
2.23.0
2.22.0
2.21.1
2.21.0
2.20.0
2.19.0
2.18.0
2.17.0
2.16.1
2.16.0
2.15.2
2.15.1
2.15.0
2.14.2
2.14.1
2.14.0
2.13.0
2.12.0
2.11.1
2.11.0
2.10.0
2.9.1
2.9.0
2.8.0
2.7.0
2.6.0
2.5.3
2.5.2
2.5.1
2.5.0
2.4.2
2.4.1
2.4.0
2.3.0
2.2.0
2.1.1
2.1.0
2.0.1
2.0.0
1.24.0
1.23.0
1.22.0
1.21.0
1.20.0
1.19.0
1.18.1
1.18.0
1.17.1
1.17.0
1.16.0
1.15.0
1.14.1
1.14.0
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.3
1.9.2
1.9.1
1.9.0
1.8.0
1.7.2
1.7.1
1.7.0
1.6.2
1.6.1
1.6.0
1.5.1
1.5.0
1.4.7
1.4.6
1.4.5.1
1.4.5
1.4.4.1
1.4.4
1.4.3
1.4.2
1.4.1.1
1.4.1
1.4
1.3.9
1.3.8
1.3.7
1.3.6
1.3.5
1.3.4.3
1.3.4.2
1.3.4.1
1.3.4
1.3.3
1.3.2
1.3.1
1.3
1.2
1.1.2
1.1.1
1.1
1.0.3
1.0.2
1.0
0.8.1
0.8
0.7
0.6
0.5.1
0.5
v0.4.1
Labels
Clear labels   
Discussion

   
Feature request

   
In Progress...

   
Plugins

   
Waiting response

   
Windows

   
Windows

   
bug

   
duplicate

   
enhancement

   
feature

   
good first issue

   
iOS

   
macOS 10.11

   
question

   
wontfix

   
Done
No labels
Discussion
Feature request
In Progress...
Plugins
Waiting response
Windows
Windows
bug
duplicate
enhancement
feature
good first issue
iOS
macOS 10.11
question
wontfix
Done
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Proxyman#1002
No description provided.