Transparent mode issue (with VPN)

xBolachas · March 19, 2019, 12:15pm

I’ve set up an openvpn server (tcp connection).
After the traffic passes through the vpn i redirect port 80/443 to 8080 (iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080) (also ip6tables) (tun0 is the vpn gateway).
(Mitmproxy is working explicitly (installed the cert, etc))
Then I start mitm with --mode transparent --showhost (also tried --ssl-insecure).
Most traffic passes through normally, but some sites give alot of warnings:
1- Client Handshake failed. The client may not trust the proxy’s certificate for xxxx.
2- Certificate verification error for xxx: unable to get local issuer certificate(errno:20, depth: 1)
3- Invalid certificate, closing connection
4- (just a few) Cannot establish TLS with xxx:443(sni:xxx): TlsException(“SSL handshake error:SysCallError(104, ‘ECONNRESERT’)”,)

What have I done wrong? Do I need to replace openvpn certificates with mitm certificate?

PS: I’m probably just dumb.

xBolachas · March 20, 2019, 5:58pm

Not sure if this is the problem, but I found out that chrome has a hkpk preload list (couldnt find a way to remove it yet) and for some reason transparent mode cant bypass that list like explicit mode.
On the other hand, traffic in firefox shows up almost perfectly (they probably have a list aswell).
The thing is, I dont understand why that only applies to transparent mode…

Any suggestions?

Topic		Replies	Views
Issues with transparent mode help	2	3367	August 9, 2016
Transparent mode proxying imaps traffic - certificate error?	1	5207	August 18, 2016
Occasionally Segfault in Transparent Mode help	0	615	March 19, 2018
OpenVPN with mitproxy help	0	1230	December 20, 2018
Transparent mode misconfiguration	1	2414	October 29, 2018

Transparent mode issue (with VPN)

Related Topics