[GH-ISSUE #421] 400 Bad Request downloading iOS Root CA #417

Open
opened 2026-03-03 19:18:34 +03:00 by kerem · 11 comments
Owner

Originally created by @FinHorsley on GitHub (Mar 2, 2020).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/421

Originally assigned to: @NghiaTranUIT on GitHub.

Proxyman version? (Ex. Proxyman 1.4.3)

Version 1.17.1 (11710)

macOS Version? (Ex. mac 10.14)

Version 10.15.3 (19D76)

iOS Version

Version 13.3.1

Steps to reproduce

Follow the steps to install iOS certificate on physical device.

The http://proxy.man/ssl request returns a 400 Bad Request

Expected behavior

iOS will show the alert to install the certificate


@NghiaTranUIT commented on GitHub (Mar 3, 2020):

Hi @FinHorsley, I tested and I was able to reproduce your bug if we had not installed the Proxyman CA first (Step 1)

  1. Let's try to install the Proxyman Certificate first (verify that you're able to see HTTPS responses on Google.com from Safari or Google Chrome)
  2. Configure the HTTP Proxy on your iPhone
  3. Go to proxy.man/ssl
  4. Follow the remaining steps to trust the certificate

Tutorial: https://proxyman.io/blog/2019/06/How-I-use-Proxyman-to-see-HTTP-requests-responses-on-my-iPhone.html

Please let me know if it works for you.


@FinHorsley commented on GitHub (Mar 3, 2020):

Thanks 😊

Is the cause behind this because the “Install Root Proxyman Certificate on this Mac” actually creates the Root CA?

In my case I was trying to fetch the root CA from iOS, but ProxyMan hadn’t created the CA yet?


@NghiaTranUIT commented on GitHub (Mar 3, 2020):

> Is the cause behind this because the “Install Root Proxyman Certificate on this Mac” actually creates the Root CA?

Yes, it is.

> In my case I was trying to fetch the root CA from iOS, but ProxyMan hadn’t created the CA yet?

That's correct.

Proxyman separates the Proxyman CA generation step from the fetch from iOS. For it to work, we have to install the certificate first 🙌


@NghiaTranUIT commented on GitHub (Mar 3, 2020):

I also improve the behavior by adding some useful instructions if we get a 400 Bad Request (https://github.com/ProxymanApp/Proxyman/issues/422) 👍


@FinHorsley commented on GitHub (Mar 3, 2020):

Why do I need to trust the RootCA on macOS in order to see SSL responses coming from an iOS device?

I understand that I'd need to trust the certificate on Mac to see the Mac's traffic, but not for iOS.


@NghiaTranUIT commented on GitHub (Mar 3, 2020):

> Why do I need to trust the RootCA on macOS in order to see SSL responses coming from an iOS device?

It's a really good question. From what I understand, we don't need to trust the RootCA on macOS, but we have to generate the certificate first (and the generation step comes with trusting the certificate; it's our decision, to make it easier to use).

In your first case, you hadn't generated any certificates, so it's 400 Bad Request (Missing file).


@NghiaTranUIT commented on GitHub (Mar 3, 2020):

But thanks for the question, I will consider improving this procedure 👍 @FinHorsley


@FinHorsley commented on GitHub (Mar 3, 2020):

So I have created the root CA (using the manual process) on my Mac, but purposely didn’t trust that certificate.

When I come to intercept traffic from iOS, ProxyMan says that I have to trust the certificate on MacOS before I can inspect SSL responses.

Is this expected behaviour?


@NghiaTranUIT commented on GitHub (Mar 3, 2020):

At the moment, it's expected behavior because, during the initial development, I wasn't aware that we don't need to trust the Proxyman CA on macOS in order to intercept the requests from your iPhone 😬

I will consider fixing it to make it more flexible than forcing trust of the certificates.


@FinHorsley commented on GitHub (Mar 3, 2020):

That’s great 😊

(I don’t think it’s necessary to install the rootCA on MacOS for this; having used tools like MitmProxy in the past, I know they don’t require this)


@NghiaTranUIT commented on GitHub (Mar 3, 2020):

Totally agree 👍
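
Added example, not part of the thread and not Proxyman's code: a model, using the `openssl` CLI, of the two points discussed above, that fetching the root fails until a CA has been generated, and that a leaf signed by the proxy is accepted only by a client that trusts the root, whatever the trust setting on the signing host. The function names, file names and the `example.test` host are assumptions.

```shell
#!/usr/bin/env bash
# Constructed model of the flow discussed in this thread; not Proxyman's code.
# File names and certificate subjects are illustrative assumptions.
WORK="$(mktemp -d)"

# Generation step on the proxy host: create the root CA key and certificate.
make_root_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Proxy Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Fetch step: hand the root certificate to a device. Fails when nothing has
# been generated yet, which is the "Missing file" case behind the 400.
fetch_root_for_device() {
  [ -s "$WORK/ca.pem" ] || return 1
  cp "$WORK/ca.pem" "$WORK/device-trusted-root.pem"
}

# Interception: the proxy signs a leaf for the requested host. This needs
# only the CA private key, not any trust setting on the proxy host.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/leaf.pem" 2>/dev/null
}

# The device validates the leaf against the root it installed and trusted.
device_accepts_leaf() {
  openssl verify -CAfile "$WORK/device-trusted-root.pem" "$WORK/leaf.pem" >/dev/null 2>&1
}

# A machine that never trusted the root (default store only) rejects the leaf.
untrusting_host_accepts_leaf() {
  openssl verify "$WORK/leaf.pem" >/dev/null 2>&1
}

fetch_root_for_device || echo "fetch before generation: fails (no CA file)"
make_root_ca && fetch_root_for_device && issue_leaf "example.test"
device_accepts_leaf && echo "device that trusts the root: leaf accepted"
untrusting_host_accepts_leaf || echo "host without the root trusted: leaf rejected"
```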
