我正在使用Fiddler代理来解密特定应用程序的HTTPS流量,我面临的问题是应用程序似乎正在使用内部浏览器来渲染部分信息,似乎渲染到浏览器Fiddler无法隧道,即使它正在达到相同的主机名。我曾捕捉过一段成功和一段不成功的关系,但我不是这方面的专家,所以希望有人能帮我一把,告诉我是否有什么可以解决的。为了提供完整的信息,我使用越狱的iPhone XR与SSLKillSwitch来绕过固定证书错误,它适用于应用程序中的常规选项,但当我到达使用内部webkit浏览器的部分时,隧道会关闭连接。
这是一个成功建立的隧道:
CONNECT api.xxxxxxxxx.com:443 HTTP/1.1
Host: api.xxxxxxxx.com
User-Agent: Driver/1003.95.3.17728954 CFNetwork/1240.0.4 Darwin/20.6.0
Connection: keep-alive
Connection: keep-alive
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: 53 36 A3 4D 40 7F 06 DC 59 EF 0D F2 67 BF 69 13 90 B3 40 A7 30 A1 14 54 E8 D0 ED 0D 99 78 66 05
"Time": 4/11/2011 1:11:47 PM
SessionID: 67 37 00 00 89 55 CA 97 B4 ED 1E 51 D3 52 84 D9 C0 95 92 E8 3E AA 22 59 39 ED EE 34 40 D5 26 96
Extensions:
grease (0xaaaa) empty
server_name api.xxxxxxxx.com
extended_master_secret empty
renegotiation_info 00
supported_groups grease [0xfafa], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
ALPN http/1.1
status_request OCSP - Implicit Responder
signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1
SignedCertTimestamp (RFC6962) empty
key_share 00 29 FA FA 00 01 00 00 1D 00 20 63 5F C7 E5 45 CB 0C 1B 17 34 69 DF B4 F5 98 0C 91 23 A5 D8 C0 17 C9 8D CC 70 B8 23 C7 79 67 1A
psk_key_exchange_modes 01 01
supported_versions grease [0x2a2a], Tls1.3, Tls1.2
grease (0xcaca) 00
padding 214 null bytes
Ciphers:
[BABA] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
[1301] TLS_AES_128_GCM_SHA256
[1302] TLS_AES_256_GCM_SHA384
[1303] TLS_CHACHA20_POLY1305_SHA256
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 08:53:48.980
Connection: close
Encrypted HTTPS traffic flows through this CONNECT tunnel. HTTPS Decryption is enabled in Fiddler, so decrypted sessions running in this tunnel will be shown in the Web Sessions list.
Secure Protocol: Tls12
Cipher: Aes128 128bits
Hash Algorithm: Sha256 ?bits
Key Exchange: ECDHE_RSA (0xae06) 255bits
== Server Certificate ==========
[Subject]
CN=*.xxxxxx.com, O="Xxxxxx, Inc.", L=San Francisco, S=California, C=US
[Issuer]
CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
[Serial Number]
0E5C9FB26125F869BF32DEFE4B26822E
[Not Before]
6/13/2022 8:00:00 PM
[Not After]
7/15/2023 7:59:59 PM
[Thumbprint]
4F91631510EC84B84A195014E335B1C6748318AF
[SubjectAltNames]
*.xxxxxx.com, xxxxx.com, *.xxxxx.net, xxxxx.net, *.xxxxx.me, xxxxx.me, *.xxxxx.ca, xxxxx.ca, *.xxxxxxxxx.com, xxxxxxxx.com
And tunnel failed:
CONNECT api.xxxxxx.com:443 HTTP/1.1
Host: api.xxxxxxx.com
User-Agent: com.apple.WebKit.Networking/8611.4.1.0.3 CFNetwork/1240.0.4 Darwin/20.6.0
Connection: keep-alive
Connection: keep-alive
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
Random: E2 EF 8D 53 08 4F D9 3E 23 DB BA 45 40 A6 A2 ED 6E 23 3B 84 C6 00 98 75 9F 03 5C 95 6C 7E 6B 1E
"Time": 6/3/2014 11:55:14 AM
SessionID: CA 79 37 63 83 57 8B E1 86 24 8F F0 18 FA A9 27 83 52 1E 5B BD 39 27 86 94 CB 54 68 7D 7B FD 3E
Extensions:
grease (0x1a1a) empty
server_name api.xxxxxx.com
extended_master_secret empty
renegotiation_info 00
supported_groups grease [0xcaca], x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19]
ec_point_formats uncompressed [0x0]
ALPN h2, http/1.1
status_request OCSP - Implicit Responder
signature_algs ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, rsa_pss_rsae_sha384, rsa_pss_rsae_sha384, rsa_pkcs1_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha512, rsa_pkcs1_sha1
SignedCertTimestamp (RFC6962) empty
key_share 00 29 CA CA 00 01 00 00 1D 00 20 2C 81 5B 83 4E A9 2F E0 17 99 47 E1 51 C3 88 5E 6C 65 3C F6 FF FD DE BD B6 4F 3F 38 73 DB 1F 15
psk_key_exchange_modes 01 01
supported_versions grease [0xdada], Tls1.3, Tls1.2
grease (0x8a8a) 00
padding 211 null bytes
Ciphers:
[EAEA] Unrecognized cipher - See https://www.iana.org/assignments/tls-parameters/
[1301] TLS_AES_128_GCM_SHA256
[1302] TLS_AES_256_GCM_SHA384
[1303] TLS_CHACHA20_POLY1305_SHA256
[C02C] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[C02B] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[CCA9] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
[C030] TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[C02F] TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[CCA8] TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[C024] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[C023] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[C00A] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
[C009] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
[C028] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[C027] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[C014] TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[C013] TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression:
[00] NO_COMPRESSION
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 08:53:46.605
Connection: close
编辑以添加我在提琴手日志中得到的错误:
08:53:46:7774 !SecureClientPipeDirect failed: System.IO.IOException Authentication failed because the remote party has closed the transport stream. for pipe (CN=*.xxxxxxx.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com)
注意,我已经编辑了实际主机名和开发人员信息的目的是隐私,但留下其他一切不变。你可以看到不同的用户代理显示,当它使用浏览器和失败时,当它没有。
希望有人能给一些线索如何解决。通过使用不同的代理(Mockttp),这工作得很好,所以我希望Fiddler也能做到这一点,因为它对我的目的更用户友好。
编辑以澄清我正在使用SSL终止开关2(0.14-3+调试)
编辑2:原来我的SSL Kill Switch 2版本比最新版本老,现在已经修复了一些。我更新了,现在再也没有证书错误了,然而,在请求工作了几次之后,我开始得到403,最初我认为这是我的IP被拒绝,但后来测试邮差我得到200所有的时间,我只在使用Fiddler代理时被拒绝,所以仍然试图找出差异的原因。我要确保邮差发送的邮件头和信息与手机上的应用程序完全相同。 比较工作和拒绝电话似乎也没有任何区别。谢谢!
感谢@Robert,他指出这可能是SSL Killswitch而不是Fiddler Proxy的问题,升级到最新版本后,我不再得到隧道问题。现在我遇到了一个不同的问题,这似乎与TLS指纹有关,我认为我可以通过使用不同的代理来确认。所以为了让这个问题结束,我可以说@Robert帮助和评论是正确的!