[GH-ISSUE #1835] SSL Pinning is globally not working properly on Proxyman #1826

Open
opened 2026-03-03 19:54:42 +03:00 by kerem · 3 comments

Originally created by @novitae on GitHub (Oct 31, 2023).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1835

Description

A few times in the past I've reported in the issues of this app that some requests from my jailbroken iPhone, with all the SSL bypass setup done, are mysteriously not being read on Proxyman, giving the SSL error. And a few weeks ago I switched to Burp Suite. And on Burp Suite I've not once had an issue with the requests that fail to be decrypted on Proxyman.

Steps to Reproduce

The best way to reproduce it reliably is the Madrid identity lookup of FaceTime on iPhones. I guess that you won't have the appropriate hardware at your disposal to test it yourself, but I'm writing it anyway.

  1. Get an iPhone 7
  2. Jailbreak it using palera1n and set up fakefs, then boot the phone with `palera1n -f`
  3. On the iPhone, install SSL Kill Switch 2. Switch it on.

You can follow it more precisely in the gist I made here: https://gist.github.com/novitae/2f04999039a6012813fb122d35a4c044

  1. Install the root certificate of Proxyman on the iPhone, and also the one of Burp Suite (I'm not on Professional)
  2. Listen and do SSL Proxying on `*`
  3. Open FaceTime.
  4. Type an email or phone number, and validate.
  5. A request should be sent to `query.ess.apple.com`. This request checks whether the phone number or email is connected to FaceTime, and so is callable.
  6. The request on Proxyman will fail. The request on Burp (default settings) will be decrypted.

Current Behavior

Not decrypted.

Expected Behavior

Should've been read.

Environment

  • App version: e.g. Proxyman 4.13.0
  • macOS version: e.g. macOS Sonoma

@NghiaTranUIT commented on GitHub (Nov 1, 2023):

Thanks for opening the ticket, but I'm not sure how to reproduce it since I don't have any jailbroken iPhone 7.

Can you get me the error log from the Help menu -> Advance -> Enable Debug Mode, and copy me the SSL error from the Terminal app?

One difference between Burp and Proxyman is:

  • Burp uses HTTP/2 by default
  • Proxyman uses HTTP/1

=> Can you switch to HTTP/1.1 from Burp to confirm that you can decrypt HTTPS data?

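The comment above suggests comparing HTTP/2 and HTTP/1.1 handling. When a proxy terminates TLS, the only thing it can see before choosing a protocol is the client's ALPN list in the ClientHello, so the first thing worth checking in a capture (or in the debug log the maintainer asks for) is which protocols the app actually offers. The script below is an added example written for this thread, not code from Proxyman or Burp: it builds a constructed ClientHello (hostname and ALPN list are assumptions chosen to mirror the report) and parses the SNI and ALPN extensions back out, then reports whether an HTTP/1.1-only interceptor could serve that client without picking a protocol the client never offered.

```python
import struct

# --- constructed sample input: a minimal TLS 1.2-style ClientHello ---------
def _sni_ext(host: str) -> bytes:
    """server_name extension (type 0) carrying one host_name entry."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type=0 (host_name)
    lst = struct.pack("!H", len(entry)) + entry                 # ServerNameList length
    return struct.pack("!HH", 0, len(lst)) + lst

def _alpn_ext(protocols) -> bytes:
    """application_layer_protocol_negotiation extension (type 16)."""
    body = b"".join(bytes([len(p)]) + p.encode("ascii") for p in protocols)
    lst = struct.pack("!H", len(body)) + body                   # ProtocolNameList length
    return struct.pack("!HH", 16, len(lst)) + lst

def build_client_hello(host: str, protocols=None) -> bytes:
    """Return one TLS record holding a ClientHello with SNI and (optionally) ALPN.
    Hostname and protocol list are constructed test values, not captured traffic."""
    exts = _sni_ext(host) + (_alpn_ext(protocols) if protocols is not None else b"")
    body = (b"\x03\x03" + b"\x11" * 32          # client_version, random (fixed for the example)
            + b"\x00"                            # session_id length = 0
            + struct.pack("!H", 2) + b"\x13\x01" # one cipher suite (TLS_AES_128_GCM_SHA256)
            + b"\x01\x00"                        # compression: one method, null
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 22 = handshake

# --- parser: what an intercepting proxy can see before it answers ----------
def parse_client_hello(data: bytes) -> dict:
    """Extract SNI and the ALPN list from a raw ClientHello record.
    Raises ValueError on anything that is not a complete ClientHello."""
    if len(data) < 5 or data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + rec_len]
    if len(rec) < rec_len:
        raise ValueError("truncated record")
    if rec[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(rec[1:4], "big")
    body = rec[4:4 + hs_len]
    if len(body) < hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                  # skip version + random
    sid_len = body[pos]; pos += 1 + sid_len       # session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2 + cs_len   # cipher_suites
    cm_len = body[pos]; pos += 1 + cm_len         # compression_methods
    result = {"sni": None, "alpn": []}
    if pos + 2 > len(body):
        return result                             # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        edata = body[pos:pos + elen]; pos += elen
        if etype == 0:                            # server_name
            q = 2                                 # skip ServerNameList length
            while q + 3 <= len(edata):
                ntype = edata[q]
                nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]; q += 3
                if ntype == 0:
                    result["sni"] = edata[q:q + nlen].decode("ascii")
                q += nlen
        elif etype == 16:                         # ALPN
            q = 2                                 # skip ProtocolNameList length
            while q < len(edata):
                plen = edata[q]; q += 1
                result["alpn"].append(edata[q:q + plen].decode("ascii")); q += plen
    return result

def client_offers_http1(parsed: dict) -> bool:
    """True if an HTTP/1.1-only interceptor can answer without selecting a
    protocol the client did not offer (no ALPN at all also counts as compatible)."""
    alpn = parsed["alpn"]
    return (not alpn) or ("http/1.1" in alpn)

if __name__ == "__main__":
    for host, protos in [("query.ess.apple.com", ["h2", "http/1.1"]),
                         ("app.example", ["h2"]),
                         ("legacy.example", None)]:
        info = parse_client_hello(build_client_hello(host, protos))
        print(host, info["alpn"], "http/1.1-compatible:", client_offers_http1(info))
```

Running the script prints one line per constructed hello. A client that lists only `h2` is the case to look for when an HTTP/1-only proxy fails on an app that works behind an HTTP/2-capable one, because the interceptor then has no protocol it can legitimately select; a client with no ALPN at all, or one that also lists `http/1.1`, should be serviceable by either proxy, which would point the investigation elsewhere (certificate trust or pinning).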

@novitae commented on GitHub (Nov 1, 2023):

Mmmmh, well, I didn't test before submitting this issue, but now it seems it is working. You probably did a fix that I didn't know of, since my configuration is the same as before.


@novitae commented on GitHub (Dec 5, 2023):

@NghiaTranUIT I finally found an example of an app that has this issue, and not on Burp. I'm going to put up all the screenshots and do my best to assist you in finding a solution!

So the traffic of the `Kick` application (the streaming platform) on iOS is not decrypted in Proxyman, but is in Burp. Here is my Proxyman trying to pass the traffic through it (SSL proxying is activated; it is just disabled for `gateway.apple.com`, which is normal, but otherwise it's a `*`).

[Screenshot: Proxyman, 2023-12-05 at 18:54:18]
[Screenshot: Proxyman, 2023-12-05 at 18:54:10]

And here is Burp's interface with the same requests (simply opening the Kick app):

[Screenshot: Burp Suite, 2023-12-05 at 18:56:32]

My iPhone has both certificates installed and trusted, and as root. It is jailbroken, but I've disabled SSL Kill Switch on the iPhone for the test, so the request should be as on a regular iPhone. iPhone 7, iOS 15.5.
