starred/Proxyman
1
0
Fork 0
mirror of https://github.com/ProxymanApp/Proxyman.git synced 2026-04-26 08:35:53 +03:00
Code Issues 1.2k Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1370] SSL Handshake Failed #1365

New issue
Closed
opened 2026-03-03 19:50:51 +03:00 by kerem · 10 comments
kerem commented 2026-03-03 19:50:51 +03:00
Owner
Copy link

Originally created by @ghost on GitHub (Sep 25, 2022).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1370

Description

SSL decryption failed

handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268436502 error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN]))

Steps to Reproduce

1.Install the Proxyman Certificate on Your iOS Device
2.Enable SSL kill switch
3.Launch the app and enable decryption
4.fail to decrypt

Current Behavior

Unable to decrypt SSL
Therefore, you cannot view the contents of the communication.

Expected Behavior

Decrypt SSL successfully to view data

Environment

  • App version: e.g Proxyman 3.10.0
  • macOS version: e.g macOS Monterey
Originally created by @ghost on GitHub (Sep 25, 2022). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1370 ## Description <!--- Description for the bug? --> SSL decryption failed ``` handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268436502 error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN])) ``` ## Steps to Reproduce <!-- Add relevant code and/or a live example --> 1.Install the Proxyman Certificate on Your iOS Device 2.Enable SSL kill switch 3.Launch the app and enable decryption 4.fail to decrypt ## Current Behavior <!--- What went wrong? --> Unable to decrypt SSL Therefore, you cannot view the contents of the communication. ## Expected Behavior <!--- What should have happened? --> Decrypt SSL successfully to view data ## Environment - App version: e.g Proxyman 3.10.0 - macOS version: e.g macOS Monterey
kerem 2026-03-03 19:50:51 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-03-03 19:50:52 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Sep 26, 2022):

Does it seem that SSL Kill Switch doesn't work? 🤔 @KohnoseLami

SSL Handshake failed because the app, which supports SSL Pinning, rejected Proxyman CA Certificate. You use SSL Kill Switch to bypass it, but I'm not sure if you properly config it.

<!-- gh-comment-id:1257401265 --> @NghiaTranUIT commented on GitHub (Sep 26, 2022): Does it seem that SSL Kill Switch doesn't work? 🤔 @KohnoseLami SSL Handshake failed because the app, which supports SSL Pinning, rejected Proxyman CA Certificate. You use SSL Kill Switch to bypass it, but I'm not sure if you properly config it.
kerem commented 2026-03-03 19:50:52 +03:00
Author
Owner
Copy link

@ghost commented on GitHub (Sep 26, 2022):

I tested it under the following three conditions.

  1. The Proxyman certificate has not been installed (The SSL kill switch is also turned off.).
  2. The Proxyman certificate is installed (The SSL kill switch is off.).
  3. The Proxyman certificate is installed (The SSL kill switch is also on.).

The same error was output under all conditions.
Is this due to SSL Pinning rather than Proxyman certificate error?
When I tried it with the same application in the past, it worked once, but it didn't work when I tried it again.
If you drop the version of the application, it won't change.

<!-- gh-comment-id:1258159164 --> @ghost commented on GitHub (Sep 26, 2022): I tested it under the following three conditions. 1. The Proxyman certificate has not been installed (The SSL kill switch is also turned off.). 2. The Proxyman certificate is installed (The SSL kill switch is off.). 3. The Proxyman certificate is installed (The SSL kill switch is also on.). The same error was output under all conditions. Is this due to SSL Pinning rather than Proxyman certificate error? When I tried it with the same application in the past, it worked once, but it didn't work when I tried it again. If you drop the version of the application, it won't change.
kerem commented 2026-03-03 19:50:52 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Sep 26, 2022):

  1. The Proxyman certificate has not been installed (The SSL kill switch is also turned off.).

100% gets SSL Error because the certificate is not installed.

  1. The Proxyman certificate is installed (The SSL kill switch is off.).

Which app are you trying to intercept? If it's a well-known app, such as Facebook, or Instagram, ... it's SSL Pinning.

  1. The Proxyman certificate is installed (The SSL kill switch is also on.).

Not sure if the SSL Kill Switch Config is correct. If it's not right, the SSL Error can occur.

<!-- gh-comment-id:1258162290 --> @NghiaTranUIT commented on GitHub (Sep 26, 2022): > 1. The Proxyman certificate has not been installed (The SSL kill switch is also turned off.). 100% gets SSL Error because the certificate is not installed. > 2. The Proxyman certificate is installed (The SSL kill switch is off.). Which app are you trying to intercept? If it's a well-known app, such as Facebook, or Instagram, ... it's SSL Pinning. > 3. The Proxyman certificate is installed (The SSL kill switch is also on.). Not sure if the SSL Kill Switch Config is correct. If it's not right, the SSL Error can occur.
kerem commented 2026-03-03 19:50:52 +03:00
Author
Owner
Copy link

@ghost commented on GitHub (Sep 26, 2022):

The app is called CapCut. This is an app made by Bytedance, a TikTok company, so there is a possibility that SSL Pinning exists.
However, since what I want is WebSocket, there is very little information on these.

<!-- gh-comment-id:1258176761 --> @ghost commented on GitHub (Sep 26, 2022): The app is called CapCut. This is an app made by Bytedance, a TikTok company, so there is a possibility that SSL Pinning exists. However, since what I want is WebSocket, there is very little information on these.
kerem commented 2026-03-03 19:50:52 +03:00
Author
Owner
Copy link

@maximebories commented on GitHub (Sep 28, 2022):

It happens, and I'd say there is a 99% probability that this is because of a SSL pinning mechanism.

Now if you really want to be sure (but is it worth it ?), you could install the Frida.re framework and after digging a little you will find a SLL pinning library or retrieve a debug log which would confirm that. I haven't used it for ages but from memory it also allowed few people to bypass some SSL pinning mechanisms. Frida is easy to install on Android or a jailbroken iPhone, it's feasible but way more annoying on a non-rooted iPhone.

I don't know what your end goal is here, but I saw there is a web version of the app, maybe it's worth investigating...

Good luck

<!-- gh-comment-id:1260362675 --> @maximebories commented on GitHub (Sep 28, 2022): It happens, and I'd say there is a 99% probability that this is because of a SSL pinning mechanism. Now if you really want to be sure (but is it worth it ?), you could install the Frida.re framework and after digging a little you will find a SLL pinning library or retrieve a debug log which would confirm that. I haven't used it for ages but from memory it also allowed few people to bypass some SSL pinning mechanisms. Frida is easy to install on Android or a jailbroken iPhone, it's feasible but way more annoying on a non-rooted iPhone. I don't know what your end goal is here, but I saw there is a web version of the app, maybe it's worth investigating... Good luck
kerem commented 2026-03-03 19:50:52 +03:00
Author
Owner
Copy link

@chhpt commented on GitHub (Sep 28, 2022):

I've had some similar situations (with certificates installed and SSL Pinning turned off) where some domains would report an error and others would not, and after restarting Proxyman or the App it might be back to normal again

<!-- gh-comment-id:1260592946 --> @chhpt commented on GitHub (Sep 28, 2022): I've had some similar situations (with certificates installed and SSL Pinning turned off) where some domains would report an error and others would not, and after restarting Proxyman or the App it might be back to normal again
kerem commented 2026-03-03 19:50:52 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Sep 28, 2022):

I've had some similar situations (with certificates installed and SSL Pinning turned off) where some domains would report an error and others would not, and after restarting Proxyman or the App it might be back to normal again

Can you provide some information? Is it an iOS/Android app? Native, ReactNative, Flutter 🤔

<!-- gh-comment-id:1260594456 --> @NghiaTranUIT commented on GitHub (Sep 28, 2022): > I've had some similar situations (with certificates installed and SSL Pinning turned off) where some domains would report an error and others would not, and after restarting Proxyman or the App it might be back to normal again Can you provide some information? Is it an iOS/Android app? Native, ReactNative, Flutter 🤔
kerem commented 2026-03-03 19:50:52 +03:00
Author
Owner
Copy link

@ghost commented on GitHub (Sep 28, 2022):

It happens, and I'd say there is a 99% probability that this is because of a SSL pinning mechanism.

Now if you really want to be sure (but is it worth it ?), you could install the Frida.re framework and after digging a little you will find a SLL pinning library or retrieve a debug log which would confirm that. I haven't used it for ages but from memory it also allowed few people to bypass some SSL pinning mechanisms. Frida is easy to install on Android or a jailbroken iPhone, it's feasible but way more annoying on a non-rooted iPhone.

I don't know what your end goal is here, but I saw there is a web version of the app, maybe it's worth investigating...

Good luck

I used Frida once, but it was very difficult and difficult.
For this reason, I used the SSL kill switch, but many applications do not work correctly.

I didn't know that there was a desktop app, that there was a web version.
My research is insufficient.
That information is likely to help me a lot. Thank you!

<!-- gh-comment-id:1260607175 --> @ghost commented on GitHub (Sep 28, 2022): > It happens, and I'd say there is a 99% probability that this is because of a SSL pinning mechanism. > > Now if you really want to be sure (but is it worth it ?), you could install the Frida.re framework and after digging a little you will find a SLL pinning library or retrieve a debug log which would confirm that. I haven't used it for ages but from memory it also allowed few people to bypass some SSL pinning mechanisms. Frida is easy to install on Android or a jailbroken iPhone, it's feasible but way more annoying on a non-rooted iPhone. > > I don't know what your end goal is here, but I saw there is a web version of the app, maybe it's worth investigating... > > Good luck I used Frida once, but it was very difficult and difficult. For this reason, I used the SSL kill switch, but many applications do not work correctly. I didn't know that there was a desktop app, that there was a web version. My research is insufficient. That information is likely to help me a lot. Thank you!
kerem commented 2026-03-03 19:50:52 +03:00
Author
Owner
Copy link

@ghost commented on GitHub (Sep 28, 2022):

I've had some similar situations (with certificates installed and SSL Pinning turned off) where some domains would report an error and others would not, and after restarting Proxyman or the App it might be back to normal again

The same thing happened to me in CapCut.
Therefore, we are currently experimenting based on the communication captured in the past.
However, because of the missing information, I need to capture it again, but I am already in a situation where I cannot do it.

<!-- gh-comment-id:1260610734 --> @ghost commented on GitHub (Sep 28, 2022): > I've had some similar situations (with certificates installed and SSL Pinning turned off) where some domains would report an error and others would not, and after restarting Proxyman or the App it might be back to normal again The same thing happened to me in CapCut. Therefore, we are currently experimenting based on the communication captured in the past. However, because of the missing information, I need to capture it again, but I am already in a situation where I cannot do it.
kerem commented 2026-03-03 19:50:53 +03:00
Author
Owner
Copy link

@ghost commented on GitHub (Sep 28, 2022):

It happens, and I'd say there is a 99% probability that this is because of a SSL pinning mechanism.

Now if you really want to be sure (but is it worth it ?), you could install the Frida.re framework and after digging a little you will find a SLL pinning library or retrieve a debug log which would confirm that. I haven't used it for ages but from memory it also allowed few people to bypass some SSL pinning mechanisms. Frida is easy to install on Android or a jailbroken iPhone, it's feasible but way more annoying on a non-rooted iPhone.

I don't know what your end goal is here, but I saw there is a web version of the app, maybe it's worth investigating...

Good luck

When I checked the Web version, the required functions were reduced, so when I installed the Windows software, I found the required functions, so I connected the whole Windows through Proxyman and installed the certificate, and I was able to capture the Websocket successfully.

Now that I've solved my problem, I'm going to quote and close this post.
Thank you!

<!-- gh-comment-id:1260750550 --> @ghost commented on GitHub (Sep 28, 2022): > It happens, and I'd say there is a 99% probability that this is because of a SSL pinning mechanism. > > Now if you really want to be sure (but is it worth it ?), you could install the Frida.re framework and after digging a little you will find a SLL pinning library or retrieve a debug log which would confirm that. I haven't used it for ages but from memory it also allowed few people to bypass some SSL pinning mechanisms. Frida is easy to install on Android or a jailbroken iPhone, it's feasible but way more annoying on a non-rooted iPhone. > > I don't know what your end goal is here, but I saw there is a web version of the app, maybe it's worth investigating... > > Good luck When I checked the Web version, the required functions were reduced, so when I installed the Windows software, I found the required functions, so I connected the whole Windows through Proxyman and installed the certificate, and I was able to capture the Websocket successfully. Now that I've solved my problem, I'm going to quote and close this post. Thank you!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
6.9.0
6.8.0
6.7.0
6.6.0
6.5.0
6.4.0
6.3.0
6.2.0
6.1.0
6.0.2
6.0.0
6.0.1
5.25.0
5.24.0
5.23.0
5.23.1
5.22.0
5.20.0
5.21.0
5.19.0
5.18.0
5.17.0
5.16.0
5.15.0
5.14.0
5.12.2
5.12.1
5.12.0
5.11.0
5.10.0
5.8.0
5.9.0
5.7.0
5.6.1
5.6.0
5.5.0
5.4.0
5.2.0
5.3.0
5.1.1
5.0.0
4.16.0
4.15.0
4.14.0
4.13.0
4.12.0
4.11.0
4.10.0
4.9.1
4.9.0
4.8.2
4.8.1
4.8.0
4.7.1
4.7.0
4.6.1
4.6.0
4.5.0
4.4.0
4.3.1
4.3.0
4.2.1
4.2.0
4.1.0
4.0.0
3.15.0
3.14.0
3.13.0
3.12.0
3.11.0
3.10.0
3.9.0
3.8.0
3.7.0
3.6.2
3.6.1
3.6.0
3.5.2
3.5.1
3.5.0
3.4.0
3.3.0
3.2.0
3.1.0
3.0.0
2.35.4
2.35.3
2.35.2
2.35.1
2.35.0
2.34.1
2.34.0
2.33.0
2.32.1
2.32.0
2.31.0
2.30.0
2.29.0
2.28.0
2.27.0
2.26.0
2.25.0
2.24.0
2.23.0
2.22.0
2.21.1
2.21.0
2.20.0
2.19.0
2.18.0
2.17.0
2.16.1
2.16.0
2.15.2
2.15.1
2.15.0
2.14.2
2.14.1
2.14.0
2.13.0
2.12.0
2.11.1
2.11.0
2.10.0
2.9.1
2.9.0
2.8.0
2.7.0
2.6.0
2.5.3
2.5.2
2.5.1
2.5.0
2.4.2
2.4.1
2.4.0
2.3.0
2.2.0
2.1.1
2.1.0
2.0.1
2.0.0
1.24.0
1.23.0
1.22.0
1.21.0
1.20.0
1.19.0
1.18.1
1.18.0
1.17.1
1.17.0
1.16.0
1.15.0
1.14.1
1.14.0
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.3
1.9.2
1.9.1
1.9.0
1.8.0
1.7.2
1.7.1
1.7.0
1.6.2
1.6.1
1.6.0
1.5.1
1.5.0
1.4.7
1.4.6
1.4.5.1
1.4.5
1.4.4.1
1.4.4
1.4.3
1.4.2
1.4.1.1
1.4.1
1.4
1.3.9
1.3.8
1.3.7
1.3.6
1.3.5
1.3.4.3
1.3.4.2
1.3.4.1
1.3.4
1.3.3
1.3.2
1.3.1
1.3
1.2
1.1.2
1.1.1
1.1
1.0.3
1.0.2
1.0
0.8.1
0.8
0.7
0.6
0.5.1
0.5
v0.4.1
Labels
Clear labels   
Discussion

   
Feature request

   
In Progress...

   
Plugins

   
Waiting response

   
Windows

   
Windows

   
bug

   
duplicate

   
enhancement

   
feature

   
good first issue

   
iOS

   
macOS 10.11

   
question

   
wontfix

   
Done
No labels
Discussion
Feature request
In Progress...
Plugins
Waiting response
Windows
Windows
bug
duplicate
enhancement
feature
good first issue
iOS
macOS 10.11
question
wontfix
Done
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Proxyman#1365
No description provided.