[GH-ISSUE #1378] Automate Client Certificate Management #1370

Open
opened 2026-03-03 19:50:54 +03:00 by kerem · 3 comments

Originally created by @VaslD on GitHub (Oct 2, 2022).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1378

Originally assigned to: @NghiaTranUIT on GitHub.

Description

I'm working with third-party services that issue client certificates (later used for mutual authentication) after account login. Because I'm experimenting with the APIs and running test cases, I need to switch (or rather technically, renew) certificates frequently. A typical workflow includes parsing the response in my app, exporting P12 to ~/Desktop, and manually adding new certificates to Proxyman. After completing all these steps, I can then capture app traffic from Proxyman.

I want to automate this certificate nonsense. Given that I already have access to all the network traffic before mutual authentication (and needed keys/secrets from my app code), ideally it should be as simple as a little extra Bash or JavaScript. I've skimmed through Command Line and Scripting docs, but I didn't find a way to manipulate Proxyman certificates.

Is there a recommended workflow (on the Proxyman-side) to solve my problem? If not, can certificate manipulation from Command Line or preferably Scripting be added as a new feature? I know Atlantis exists and it works beautifully for logging traffic, but I still need mapping and breakpoints after mutual authentication, so that's a no-go.

Why this feature/change is important?

Although not the most common use case, client certificates can be issued from subsequent API calls. Having access to certificates in request/response scripts speeds things up to a whole new level.


@NghiaTranUIT commented on GitHub (Oct 3, 2022):

Currently, it's not possible to automatically manage the client certificate.

Not sure if it works, but you can read the UserDefault at ~/Library/Preferences/com.proxyman.NSProxy.plist. Look for the key CustomClientCertificates, which contains the JSON of all client certificates.

Just add a sample client certificate to the app, then you can know the structure of the file.

I suggest writing a bash script to modify the plist file. (The app needs to reload in order to get the change)


@SilleBille commented on GitHub (Mar 3, 2023):

@NghiaTranUIT I am trying to solve the same problem. When I looked in the plist file, it had 2 entries:

  • CustomClientCertificates -- The one you pointed out which seems to be a JSON encoded in ASCII
  • customCertificateInfo -- Some kind of Hashmap that maps cert name with some hash?

I tried importing the same p12 file twice and there were 2 different entries inside customCertificateInfo

Screenshot 2023-03-03 at 11 10 40 AM

So, my questions are

  1. How is the prefix of the key inside customCertificateInfo created. Eg: 314DD08B_some_dev.p12?
  2. What/How is the value of the corresponding key generated? Eg: f+92+gAwpO4XSs/RgjZ0/NzRGkm38eT9ClE1zkdONZRsm3wy3+9qN/nLeYKrbekG

@NghiaTranUIT commented on GitHub (Jul 25, 2023):

Hi @SilleBille

You should look at:

  1. CustomClientCertificates key: It's base64 - JSON array of Client Certificates.
  2. customCertificateInfo is an encrypted passphrase when importing your p12 file.

> How is the prefix of the key inside customCertificateInfo created. Eg: 314DD08B_some_dev.p12?

It's just a random UUID string. It corresponds to the file name in ~/Library/Application Support/com.proxyman.NSProxy/certificates

> What/How is the value of the corresponding key generated? Eg: f+92+gAwpO4XSs/RgjZ0/NzRGkm38eT9ClE1zkdONZRsm3wy3+9qN/nLeYKrbekG

When importing the p12 file, Proxyman gets the passphrase -> Encrypt it with AES encryption (To get the secret key -> Please email to nghia@proxyman.io) -> Done.
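An added example, not part of the thread and not Proxyman code: a read-only inspection of the preferences file discussed above, which decodes `CustomClientCertificates` and lists the `customCertificateInfo` key names without printing the encrypted passphrases. The JSON field names in the sample are constructed placeholders, since the thread does not document the entry structure.

```python
import base64
import json
import plistlib

# Path given in the thread. On a real machine, pass the file's bytes to
# summarize(), e.g. open(os.path.expanduser(PLIST_PATH), "rb").read().
PLIST_PATH = "~/Library/Preferences/com.proxyman.NSProxy.plist"


def decode_client_certificates(raw):
    """Return the JSON array stored under CustomClientCertificates.

    The thread describes the value both as "JSON encoded in ASCII" and as
    "base64 - JSON array", so accept bytes or str, raw JSON or base64.
    """
    if isinstance(raw, str):
        raw = raw.encode("ascii")
    try:
        entries = json.loads(raw)
    except ValueError:
        entries = json.loads(base64.b64decode(raw, validate=True))
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array of client certificates")
    return entries


def summarize(plist_bytes):
    """List entry field names and passphrase-map keys, never the values."""
    prefs = plistlib.loads(plist_bytes)
    entries = decode_client_certificates(prefs.get("CustomClientCertificates", b"[]"))
    return {
        "entry_fields": [sorted(e) for e in entries if isinstance(e, dict)],
        "passphrase_keys": sorted(prefs.get("customCertificateInfo", {})),
    }


def constructed_sample():
    """Constructed plist; the JSON field names are hypothetical placeholders."""
    entry = [{"host": "api.example.test", "file": "PLACEHOLDER_some_dev.p12"}]
    return plistlib.dumps({
        "CustomClientCertificates": base64.b64encode(json.dumps(entry).encode()),
        "customCertificateInfo": {"PLACEHOLDER_some_dev.p12": "<encrypted passphrase>"},
    })


if __name__ == "__main__":
    print(summarize(constructed_sample()))
```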
