[GH-ISSUE #1749] SSL handshake failed after trusting the certificate #1742

Open
opened 2026-03-03 19:53:58 +03:00 by kerem · 17 comments

Originally created by @Depisdrul on GitHub (Aug 22, 2023).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1749

Description

Steps to Reproduce


  1. Downloaded and installed Proxyman. Installed certificate on Mac. Turned off all VPN.
  2. Connected to the same Wi-Fi network on phone. Connection quality is good. Turned the Wi-Fi proxy to Manual and inserted the address and port.
  3. Went to http://proxy.man.ssl, downloaded and installed the certificate.
  4. Go to google.com on phone.

Current Behavior

Cannot intercept any response from my test App (debug version, with the correct setup) but also not even the simple troubleshooting steps of checking the google endpoint

Expected Behavior

I can see the responses of Google and my app in debug version

Environment

Phone: Galaxy A13, Android 13
Computer: Proxyman Version 4.9.1 (49001), Mac OS 13.4.1 (c) ARM64


@NghiaTranUIT commented on GitHub (Aug 22, 2023):

You have to follow all steps from the Setup Guide, especially step 5.


@NghiaTranUIT commented on GitHub (Aug 22, 2023):

it means that you can only intercept your app, because you have to edit the network.xml file.

If you'd like to intercept entire Android, you have to follow this guide to install the certificate into the System Android: https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/

It's quite tricky to do it.


@Depisdrul commented on GitHub (Aug 22, 2023):

> You have to follow all steps from the Setup Guide, especially step 5.

This was already done, that is why I opened an issue. Is it still not working despite us following the guidelines

I actually have no need to intercept the whole system, but your guide advised you try to do this to check that your setup was correct. In case you are not supposed to be able to do this, I suggest updating the material with an explanation


@NghiaTranUIT commented on GitHub (Aug 22, 2023):

> go to google.com on phone

I guess you're using Google Chrome on Android Emulator. Unfortunately, it doesn't work with Google Chrome. Android only allows developers to intercept HTTPS from your own app, which is also defined in the network.xml file.

To intercept traffic from Google Chrome app, you should follow the guide in my previous comment, to install the certificate to the System.


@Depisdrul commented on GitHub (Aug 23, 2023):

> I guess you're using Google Chrome on Android Emulator. Unfortunately, it doesn't work with Google Chrome. Android only allows developers to intercept HTTPS from your own app, which is also defined in the network.xml file.
>
> To intercept traffic from Google Chrome app, you should follow the guide in my previous comment, to install the certificate to the System.

I am not using any emulators, as described in the issue 😄 I am using my own app on a real Android device


@NghiaTranUIT commented on GitHub (Aug 23, 2023):

Ah, I mean: Android devices or Android emulators are the same. You need to install the certificate to the System CA, in order to decrypt HTTPS traffic from Google Chrome.


@Depisdrul commented on GitHub (Aug 23, 2023):

Thanks! However, I don't need to decrypt traffic from Google Chrome, as I explained earlier, I need to decrypt to test a custom App (for which the developer has followed the setup steps)
The Google issue was that the Proxyman guide suggested trying to read the response from google to check if the setup was already completed. If it is impossible to do so with the basic setup on Android, maybe it should be indicated in the comment

Is the "install the certificate to the System CA" the step from the initial guide instructing you to open http://proxy.man.ssl page to download and install the CA certificate on Android?


@Depisdrul commented on GitHub (Sep 12, 2023):

@NghiaTranUIT Any update on this?


@NghiaTranUIT commented on GitHub (Sep 13, 2023):

> I need to decrypt to test a custom App (for which the developer has followed the setup steps)

Is it your app and do you have the source code?

Step 5 requires adding the network_security_config.xml into your source code, in order to decrypt the HTTPS traffic from your own app. If you debug apps from the Google Store, you can't finish the setup 5 -> Can't decrypt HTTPS traffic.


@NghiaTranUIT commented on GitHub (Sep 13, 2023):

If you want to decrypt HTTPS traffic from an app on Google Play, you also don't have a source code. It's trickier. You have to install the Proxyman CA Certificate into the system (Not User) by following this Docs: https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/


@Depisdrul commented on GitHub (Sep 13, 2023):

> Is it your app and do you have the source code?

I have installed the App from an APK file that was provided by the developer himself with the debugging setup, as described by your guide. Also, I followed the steps to set up the computer with Proxyman and the phone with the App (as described by your guide). In short, we followed the instructions by the book, so I don't see why after following the procedure I still cannot see the requests from the App


@Depisdrul commented on GitHub (Oct 19, 2023):

@NghiaTranUIT Any news on this?


@NghiaTranUIT commented on GitHub (Oct 19, 2023):

Sorry, it's really difficult to tell what's wrong. Here are some I suspect:

  • Maybe your dev team provides the Android app with the wrong config. Please request your teammate, to follow the new Android Setup Guide (https://docs.proxyman.io/debug-devices/android-device#1.-android-setup-guide). This new setup doesn't require to add the app domains.
  • Your dev teammate: Make sure 2 files are added: res/xml/network_security_config.xml and AndroidManifest.xml
  • Your dev teammate: Ask them to disable the SSL Pinning if it's enabled.

Your turn:

  • Make sure you've installed the certificate on your Mac correctly.
  • Follow the Android setup guide -> Install the certificate to your Android. Verify Proxyman CA Certificate is in the Trusted Credential Tab
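The app-side items in the checklist above (config file referenced from the manifest, user CA trusted, pinning out of the way) can be checked directly against the two files. This is an added example, not code from the thread or from Proxyman; the sample manifest and config are constructed, and `audit` and `user_anchor` are hypothetical names. It covers `debug-overrides` and `base-config` only.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample inputs (not taken from the issue or from any real app).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:networkSecurityConfig="@xml/network_security_config"/>
</manifest>"""
CONFIG = """<network-security-config>
  <debug-overrides><trust-anchors>
    <certificates src="system"/><certificates src="user"/>
  </trust-anchors></debug-overrides>
  <domain-config><domain includeSubdomains="true">api.example.com</domain>
    <pin-set><pin digest="SHA-256">PLACEHOLDER_PIN_VALUE</pin></pin-set>
  </domain-config>
</network-security-config>"""

def user_anchor(section):
    """Return the <certificates src="user"> element inside section, or None."""
    if section is None:
        return None
    return next((c for c in section.iter("certificates") if c.get("src") == "user"), None)

def audit(manifest_xml, config_xml, debuggable):
    """List reasons the app would reject a proxy CA installed in the user store."""
    findings = []
    app = ET.fromstring(manifest_xml).find("application")
    if app is None or app.get(ANDROID + "networkSecurityConfig") is None:
        findings.append("manifest does not reference a network security config")
    root = ET.fromstring(config_xml)
    in_debug = user_anchor(root.find("debug-overrides"))
    in_base = user_anchor(root.find("base-config"))
    debug_active = in_debug is not None and debuggable
    if in_debug is not None and not debuggable:
        findings.append("debug-overrides is ignored: build is not debuggable")
    if not debug_active and in_base is None:
        findings.append('no active trust anchor with src="user"')
    if in_base is not None:
        findings.append("base-config trusts user CAs in every build, release included")
    # debug-overrides anchors bypass pin-sets by default; others need overridePins="true".
    base_skips_pins = in_base is not None and in_base.get("overridePins") == "true"
    if not debug_active and not base_skips_pins:
        for dc in root.iter("domain-config"):
            if dc.find("pin-set") is not None:
                names = ", ".join(d.text for d in dc.findall("domain"))
                findings.append(f"pin-set still enforced for {names}")
    return findings

if __name__ == "__main__":
    print(audit(MANIFEST, CONFIG, debuggable=False))
```

Pinning implemented in code, such as an OkHttp certificate pinner, does not appear in either XML file, so an empty result here does not rule it out.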

@NghiaTranUIT commented on GitHub (Oct 19, 2023):

It's better to request your Dev teammate to try it on his devices, with his setup -> To verify it's working on his side first.

Then, ship the APK file to your side.


@sriadimanav commented on GitHub (Nov 10, 2023):

UPDATE: tried this tool
https://github.com/shroudedcode/apk-mitm
after that it worked
NOTE: my app is built using React Native, which uses the Android OkHttp library for network calls (link: https://www.callstack.com/blog/ssl-pinning-in-react-native-apps)

so my question is @NghiaTranUIT, what is this tool doing extra that it is working


@sriadimanav commented on GitHub (Nov 10, 2023):

UPDATE: How to ignore SSL for react native
https://medium.com/@rushitjivani/how-to-ignore-ssl-for-react-native-android-ios-4942e10ea667


@cyb-jenkins commented on GitHub (Oct 22, 2024):

> > You have to follow all steps from the Setup Guide, especially step 5.
>
> This was already done, that is why I opened an issue. Is it still not working despite us following the guidelines
>
> I actually have no need to intercept the whole system, but your guide advised you try to do this to check that your setup was correct. In case you are not supposed to be able to do this, I suggest updating the material with an explanation

Hi, please try these steps:

- In Proxyman go to Certificates tab and do Reset of all Proxyman certificates.
- Once reset is done, again in same tab Install certificate on Windows/Mac.

Now try to intercept traffic.
