Hi,
I want to run mitmproxy as generic ssl proxy to proxy secure imap.
I’m running mitmproxy in transparent mode and running thunderbird as imap client.
I have installed the mitmproxy root cert, but i still get following error:
192.168.78.100:40970: Client Handshake failed. The client may not trust the proxy’s certificate for
If i delete the mitmproxy root cert from the thunderbird cert-store, i get a certificate warning with the generated mitm-certificate, so ssl-interception seems to work.
Any idea how to solve this issue?
Running mitmproxy 0.17 on ubuntu 16.04.
Tried:
mitmdump -T -w out.txt --tcp
and
mitmdump -T -ddd -w out.txt --raw-tcp
Thanks,
Clemens
Another try using mitmdump.
> root@ubuntu:~# mitmdump -T -v --port 8080 --tcp IP_ADDR:993
> 192.168.78.100:57364: clientconnect
> 192.168.78.100:57364: serverconnect
> -> IP_ADDR:993
> 192.168.78.100:57364: Establish TLS with server
> 192.168.78.100:57364: TLS verification failed for upstream server at depth 0 with error: 20
> 192.168.78.100:57364: Ignoring server verification error, continuing with connection
> 192.168.78.100:57364: ALPN selected by server:
> 192.168.78.100:57364: Establish TLS with client
> 192.168.78.100:57364: serverdisconnect
> -> 83.136.86.18:993
> 192.168.78.100:57364: Client Handshake failed. The client may not trust the proxy’s certificate for mail.rechnerservice.at.
> 192.168.78.100:57364: ClientHandshakeException(“Cannot establish TLS with client (sni: host.domain.at): TlsException(’’,)”,)
> 192.168.78.100:57364: clientdisconnect
Even if i use the original certificate and key passed with the option --cert, the same error occurs.
Should it generally be possible to intercept generic SSL traffic (e.g. IMAP)?
Am i doing something completely wrong?
Here’s a wireshark capture of the TLS handshake…just an overview, but perhaps someone can point me in the right direction?
