Proxy https traffic from NodeJS 10.x

#1

Requests from the Axios library with NodeJS 10 fails with ERR_TLS_CERT_ALTNAME_INVALID when proxied through Mitm:

⇒  NODE_EXTRA_CA_CERTS=~/.mitmproxy/mitmproxy-ca-cert.pem node -e "require('axios').create().get('https://www.google.com').then(r => console.log(r.status))"                   
(node:1207) UnhandledPromiseRejectionWarning: Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Cert is empty
    at Object.checkServerIdentity (tls.js:235:17)

I cut out Axios and used the Node https module directly and I still get the error:

⇒  NODE_EXTRA_CA_CERTS=~/.mitmproxy/mitmproxy-ca-cert.pem node -e "require('https').get({ hostname: 'localhost', port: '8888', path: 'https://www.google.com/'}, res => { console.log(res.statusCode) })" 
events.js:174
      throw er; // Unhandled 'error' event
      ^

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Cert is empty
    at Object.checkServerIdentity (tls.js:235:17)
    at TLSSocket.onConnectSecure (_tls_wrap.js:1061:27)
    at TLSSocket.emit (events.js:189:13)
    at TLSSocket._finishInit (_tls_wrap.js:633:8)

As a workaround I tried ignoring invalid certs but I am getting “bad request” from the mitm server:

⇒  NODE_TLS_REJECT_UNAUTHORIZED=0 node -e "require('https').get({ hostname: 'localhost', port: '9999', path: 'https://www.google.com/', headers: { host: 'www.google.com' } }, res => { console.log(res.statusCode, res.statusMessage, res.headers) })"  
400 'Bad Request' { server: 'mitmproxy 4.0.4',
  connection: 'close',
  'content-length': '260',
  'content-type': 'text/html' }

I can’t tell if this is an issue with Mitmproxy of if it is an issue with the way the HTTP request is being crafted in the Axios library. Any ideas?

(also posted to https://github.com/axios/axios/issues/2051)

0 Likes