[GH-ISSUE #1905] DNS spoofing with custom certificate doesn't work unless connecting before #1896

New issue

Closed

opened 2026-03-03 19:55:15 +03:00 by kerem · 2 comments

kerem commented 2026-03-03 19:55:15 +03:00

Owner

Copy link

Originally created by @nihaals on GitHub (Jan 13, 2024).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1905

Originally assigned to: @NghiaTranUIT on GitHub.

Description

When using DNS spoofing to map a HTTPS request to another IP with a certificate that is not normally trusted, Proxyman gives "Could not resolve the host name. Double check the domain or change DNS Setting might fix it.", even if the certificate is trusted. Disabling the spoof, sending a request to the host and then enabling the spoof again works.

Steps to Reproduce

1. Run a HTTPS server with a custom CA-signed certificate (e.g. with Caddy and using tls internal) for example.com
   • This might also work with a self-signed certificate but I haven't tested it
2. Trust the CA certificate
3. Test that the certificate is trusted by e.g. editing the hosts file and notice you can connect
4. Set up a DNS spoof for example.com pointing to the IP of the HTTPS server
5. Restart Proxyman
6. Attempt to send a request to example.com
7. Notice the error "Could not resolve the host name. Double check the domain or change DNS Setting might fix it."
8. Disable the spoof (uncheck it)
9. Notice the request works
10. Enable the spoof
11. Notice the request works and correctly uses your own HTTPS server
12. Restart Proxyman
13. Notice the issue has returned

• To generate a CA certificate you can run openssl genrsa -out root_ca_key.pem 2048 and openssl req -x509 -sha256 -new -nodes -key root_ca_key.pem -days 365 -out root_ca_cert.pem
• An example Caddyfile:

{
  skip_install_trust
  pki {
    ca {
      root {
        cert "/etc/caddy/root_ca_cert.pem"
        key "/etc/caddy/root_ca_key.pem"
      }
    }
  }
}

https://example.com {
  tls internal
  respond "Hello, world!"
}

Current Behavior

The request fails and requires disabling, connecting and re-enabling.

Expected Behavior

The request just works (like it does outside of Proxyman).

Environment

• App version: Proxyman 4.16.0
• macOS version: macOS 13.6.2

Originally created by @nihaals on GitHub (Jan 13, 2024). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/1905 Originally assigned to: @NghiaTranUIT on GitHub. ## Description When using DNS spoofing to map a HTTPS request to another IP with a certificate that is not normally trusted, Proxyman gives "Could not resolve the host name. Double check the domain or change DNS Setting might fix it.", even if the certificate is trusted. Disabling the spoof, sending a request to the host and then enabling the spoof again works. ## Steps to Reproduce 1. Run a HTTPS server with a custom CA-signed certificate (e.g. with Caddy and using `tls internal`) for `example.com` - This might also work with a self-signed certificate but I haven't tested it 2. Trust the CA certificate 3. Test that the certificate is trusted by e.g. editing the hosts file and notice you can connect 4. Set up a DNS spoof for `example.com` pointing to the IP of the HTTPS server 5. Restart Proxyman 6. Attempt to send a request to `example.com` 7. Notice the error "Could not resolve the host name. Double check the domain or change DNS Setting might fix it." 8. Disable the spoof (uncheck it) 9. Notice the request works 10. Enable the spoof 11. Notice the request works and correctly uses your own HTTPS server 12. Restart Proxyman 13. Notice the issue has returned - To generate a CA certificate you can run `openssl genrsa -out root_ca_key.pem 2048` and `openssl req -x509 -sha256 -new -nodes -key root_ca_key.pem -days 365 -out root_ca_cert.pem` - An example Caddyfile: ```caddyfile { skip_install_trust pki { ca { root { cert "/etc/caddy/root_ca_cert.pem" key "/etc/caddy/root_ca_key.pem" } } } } https://example.com { tls internal respond "Hello, world!" } ``` ## Current Behavior The request fails and requires disabling, connecting and re-enabling. ## Expected Behavior The request just works (like it does outside of Proxyman). ## Environment - App version: Proxyman 4.16.0 - macOS version: macOS 13.6.2

kerem 2026-03-03 19:55:15 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-03 19:55:16 +03:00

Author

Owner

Copy link

@nihaals commented on GitHub (Feb 1, 2024):

Unsure why as there hasn't been a new update but this all of a sudden works fine now.

<!-- gh-comment-id:1921300273 --> @nihaals commented on GitHub (Feb 1, 2024): Unsure why as there hasn't been a new update but this all of a sudden works fine now.

kerem commented 2026-03-03 19:55:16 +03:00

Author

Owner

Copy link

@NghiaTranUIT commented on GitHub (Feb 2, 2024):

@nihaals Thanks for letting me know. If you're using v4.16.0, it's the latest version.

<!-- gh-comment-id:1922676538 --> @NghiaTranUIT commented on GitHub (Feb 2, 2024): @nihaals Thanks for letting me know. If you're using v4.16.0, it's the latest version.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

6.9.0

6.8.0

6.7.0

6.6.0

6.5.0

6.4.0

6.3.0

6.2.0

6.1.0

6.0.2

6.0.0

6.0.1

5.25.0

5.24.0

5.23.0

5.23.1

5.22.0

5.20.0

5.21.0

5.19.0

5.18.0

5.17.0

5.16.0

5.15.0

5.14.0

5.12.2

5.12.1

5.12.0

5.11.0

5.10.0

5.8.0

5.9.0

5.7.0

5.6.1

5.6.0

5.5.0

5.4.0

5.2.0

5.3.0

5.1.1

5.0.0

4.16.0

4.15.0

4.14.0

4.13.0

4.12.0

4.11.0

4.10.0

4.9.1

4.9.0

4.8.2

4.8.1

4.8.0

4.7.1

4.7.0

4.6.1

4.6.0

4.5.0

4.4.0

4.3.1

4.3.0

4.2.1

4.2.0

4.1.0

4.0.0

3.15.0

3.14.0

3.13.0

3.12.0

3.11.0

3.10.0

3.9.0

3.8.0

3.7.0

3.6.2

3.6.1

3.6.0

3.5.2

3.5.1

3.5.0

3.4.0

3.3.0

3.2.0

3.1.0

3.0.0

2.35.4

2.35.3

2.35.2

2.35.1

2.35.0

2.34.1

2.34.0

2.33.0

2.32.1

2.32.0

2.31.0

2.30.0

2.29.0

2.28.0

2.27.0

2.26.0

2.25.0

2.24.0

2.23.0

2.22.0

2.21.1

2.21.0

2.20.0

2.19.0

2.18.0

2.17.0

2.16.1

2.16.0

2.15.2

2.15.1

2.15.0

2.14.2

2.14.1

2.14.0

2.13.0

2.12.0

2.11.1

2.11.0

2.10.0

2.9.1

2.9.0

2.8.0

2.7.0

2.6.0

2.5.3

2.5.2

2.5.1

2.5.0

2.4.2

2.4.1

2.4.0

2.3.0

2.2.0

2.1.1

2.1.0

2.0.1

2.0.0

1.24.0

1.23.0

1.22.0

1.21.0

1.20.0

1.19.0

1.18.1

1.18.0

1.17.1

1.17.0

1.16.0

1.15.0

1.14.1

1.14.0

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.7

1.4.6

1.4.5.1

1.4.5

1.4.4.1

1.4.4

1.4.3

1.4.2

1.4.1.1

1.4.1

1.4

1.3.9

1.3.8

1.3.7

1.3.6

1.3.5

1.3.4.3

1.3.4.2

1.3.4.1

1.3.4

1.3.3

1.3.2

1.3.1

1.3

1.2

1.1.2

1.1.1

1.1

1.0.3

1.0.2

1.0

0.8.1

0.8

0.7

0.6

0.5.1

0.5

v0.4.1

Labels

Clear labels   

Discussion

  

Feature request

  

In Progress...

  

Plugins

  

Waiting response

  

Windows

  

Windows

  

bug

  

duplicate

  

enhancement

  

feature

  

good first issue

  

iOS

  

macOS 10.11

  

question

  

wontfix

  

✅ Done

No labels

Discussion

Feature request

In Progress...

Plugins

Waiting response

Windows

Windows

bug

duplicate

enhancement

feature

good first issue

iOS

macOS 10.11

question

wontfix

✅ Done

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/Proxyman#1896

No description provided.