Transparent mode issue (with VPN)

xBolachas · March 19, 2019, 12:15pm

I’ve set up an openvpn server (tcp connection).
After the traffic passes through the vpn i redirect port 80/443 to 8080 (iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080) (also ip6tables) (tun0 is the vpn gateway).
(Mitmproxy is working explicitly (installed the cert, etc))
Then I start mitm with --mode transparent --showhost (also tried --ssl-insecure).
Most traffic passes through normally, but some sites give alot of warnings:
1- Client Handshake failed. The client may not trust the proxy’s certificate for xxxx.
2- Certificate verification error for xxx: unable to get local issuer certificate(errno:20, depth: 1)
3- Invalid certificate, closing connection
4- (just a few) Cannot establish TLS with xxx:443(sni:xxx): TlsException(“SSL handshake error:SysCallError(104, ‘ECONNRESERT’)”,)

What have I done wrong? Do I need to replace openvpn certificates with mitm certificate?

PS: I’m probably just dumb.

xBolachas · March 20, 2019, 5:58pm

Not sure if this is the problem, but I found out that chrome has a hkpk preload list (couldnt find a way to remove it yet) and for some reason transparent mode cant bypass that list like explicit mode.
On the other hand, traffic in firefox shows up almost perfectly (they probably have a list aswell).
The thing is, I dont understand why that only applies to transparent mode…

Any suggestions?

Topic		Replies	Views
Issues with transparent mode help	2	3528	August 9, 2016
Mitweb transparent mode on a Hyper-v VM with Windows 10? help	1	973	January 31, 2019
Mitmproxy Transparent mode not working help	1	4105	August 1, 2019
Cannot tcpdump traffic with transparent mode on local machine help	0	1588	June 3, 2019
Transparent mode proxying imaps traffic - certificate error?	1	5347	August 18, 2016

Transparent mode issue (with VPN)

Related topics