Here is my curl output:
curl --proxy 172.26.160.1:8888 https://google.com -v
root@ubuntuserver:/home# curl --proxy 172.26.160.1:8888 https://google.com -v
* Trying 172.26.160.1:8888...
* Connected to (nil) (172.26.160.1) port 8888 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.81.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
< FiddlerGateway: Direct
< StartTime: 15:42:31.930
< Connection: close
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=google.com
* start date: Aug 27 18:11:42 2022 GMT
* expire date: Aug 27 18:11:42 2023 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=DO_NOT_TRUST_FiddlerRoot
* SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: https://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="gws"
< Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
< Date: Fri, 09 Dec 2022 08:42:32 GMT
< Expires: Sun, 08 Jan 2023 08:42:32 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 220
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
* TLSv1.2 (IN), TLS header, Supplemental data (23):
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host (nil) left intact
root@ubuntuserver:/home#
See:
subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=google.com
Success ....
But the problem is when I use it without --proxy:
root@ubuntuserver:/home# curl https://google.com -v
* Trying 142.251.12.100:443...
* Connected to google.com (142.251.12.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=142.251.12.100
* start date: Aug 27 17:44:07 2022 GMT
* expire date: Aug 27 17:44:07 2023 GMT
* subjectAltName does not match google.com
* SSL: no alternative certificate subject name matches target host name 'google.com'
* Closing connection 0
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'google.com'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@ubuntuserver:/home#
See:
subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=142.251.12.100
How do I fix this?
I also tried editing the Fiddler rules:
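static function OnBeforeRequest(oSession: Session) {
    // Only act on CONNECT tunnels addressed to this IP
    if (oSession.HTTPMethodIs("CONNECT") &&
        oSession.HostnameIs("142.251.12.102"))
    {
        // Ask Fiddler to issue the interception certificate for this name
        oSession["X-OverrideCertCN"] = "google.com";
    }
}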
It still failed.
What I did is in this tutorial: https://anasfanani.id/post/redirect-all-linux-traffict-to-httphttpssocks-proxy-fiddlerburp
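The two transcripts above differ in which name the Fiddler-issued certificate carries: with --proxy, curl sends CONNECT google.com:443 and receives CN=google.com, while the request without --proxy receives CN=142.251.12.100 and fails hostname verification. The following is an added example, not part of the original post: it parses `curl -v` output to surface that difference. The function names are hypothetical and the samples are trimmed from the transcripts above.

```python
import re

# Constructed samples: trimmed copies of the two curl -v transcripts above.
VIA_PROXY = """\
> CONNECT google.com:443 HTTP/1.1
* Server certificate:
* subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=google.com
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=DO_NOT_TRUST_FiddlerRoot
* SSL certificate verify ok.
"""
REDIRECTED = """\
* Connected to google.com (142.251.12.100) port 443 (#0)
* Server certificate:
* subject: OU=Created by http://www.fiddler2.com; O=DO_NOT_TRUST; CN=142.251.12.100
* subjectAltName does not match google.com
curl: (60) SSL: no alternative certificate subject name matches target host name 'google.com'
"""

def dn_field(dn, key):
    """Return one attribute (e.g. CN) from curl's 'k=v; k=v' DN string."""
    for part in dn.split(";"):
        k, _, v = part.strip().partition("=")
        if k == key:
            return v
    return None

def analyse(verbose_text):
    """Summarise the leaf certificate's names and the hostname-check result."""
    info = {"sent_connect": False, "subject_cn": None, "org": None,
            "issuer_cn": None, "name_ok": None}
    for raw in verbose_text.splitlines():
        line = raw.lstrip("*<> ").strip()   # drop curl's direction markers
        if line.startswith("CONNECT "):
            info["sent_connect"] = True     # proxy was told the hostname
        elif line.startswith("subject:"):
            dn = line[len("subject:"):]
            info["subject_cn"] = dn_field(dn, "CN")
            info["org"] = dn_field(dn, "O")
        elif line.startswith("issuer:"):
            info["issuer_cn"] = dn_field(line[len("issuer:"):], "CN")
        elif line.startswith("subjectAltName:") and "matched" in line:
            info["name_ok"] = True
        elif "does not match" in line or "no alternative certificate subject name" in line:
            info["name_ok"] = False
    # A certificate named after a bare IPv4 address cannot match a DNS host name.
    info["cn_is_ip"] = bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", info["subject_cn"] or ""))
    return info
```
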
As the title says, BCCertMaker can't make certificates.
I am on Manjaro Linux with Mono 6.12, and I am using Fiddler to capture iOS 15 requests.
19:53:46:8198 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
19:53:46:8534 Fiddler.BCCertMaker> Failed to create certificate for *.gc.apple.com: Operation is not supported on this platform.
  at BCCertMaker.BCCertMaker.CreateCertificateFromCA (System.String sCN, Org.BouncyCastle.X509.X509Certificate caCert, Org.BouncyCastle.Crypto.AsymmetricKeyParameter caKey) [0x00377] in <186d138a6ba64111bc4131af9c9cbf93>:0
  at BCCertMaker.BCCertMaker.MakeNewCert (System.String sHostname) [0x00102] in <186d138a6ba64111bc4131af9c9cbf93>:0
19:53:46:8534 fiddler.https> Failed to obtain certificate for stats.gc.apple.com due to Certificate Maker returned null when asked for a certificate for stats.gc.apple.com
19:53:48:6149 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
19:53:48:6510 Fiddler.BCCertMaker> Failed to create certificate for *.apple.com: Operation is not supported on this platform.
  at BCCertMaker.BCCertMaker.CreateCertificateFromCA (System.String sCN, Org.BouncyCastle.X509.X509Certificate caCert, Org.BouncyCastle.Crypto.AsymmetricKeyParameter caKey) [0x00377] in <186d138a6ba64111bc4131af9c9cbf93>:0
  at BCCertMaker.BCCertMaker.MakeNewCert (System.String sHostname) [0x00102] in <186d138a6ba64111bc4131af9c9cbf93>:0
19:53:48:6510 fiddler.https> Failed to obtain certificate for news-edge.apple.com due to Certificate Maker returned null when asked for a certificate for news-edge.apple.com
19:53:48:7116 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
19:53:48:7477 Fiddler.BCCertMaker> Failed to create certificate for *.apple.com: Operation is not supported on this platform.
  at BCCertMaker.BCCertMaker.CreateCertificateFromCA (System.String sCN, Org.BouncyCastle.X509.X509Certificate caCert, Org.BouncyCastle.Crypto.AsymmetricKeyParameter caKey) [0x00377] in <186d138a6ba64111bc4131af9c9cbf93>:0
  at BCCertMaker.BCCertMaker.MakeNewCert (System.String sHostname) [0x00102] in <186d138a6ba64111bc4131af9c9cbf93>:0
19:53:48:7478 fiddler.https> Failed to obtain certificate for news-edge.apple.com due to Certificate Maker returned null when asked for a certificate for news-edge.apple.com
19:53:50:0979 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
19:53:50:1347 Fiddler.BCCertMaker> Failed to create certificate for *.icloud.com: Operation is not supported on this platform.
  at BCCertMaker.BCCertMaker.CreateCertificateFromCA (System.String sCN, Org.BouncyCastle.X509.X509Certificate caCert, Org.BouncyCastle.Crypto.AsymmetricKeyParameter caKey) [0x00377] in <186d138a6ba64111bc4131af9c9cbf93>:0
  at BCCertMaker.BCCertMaker.MakeNewCert (System.String sHostname) [0x00102] in <186d138a6ba64111bc4131af9c9cbf93>:0
19:53:50:1347 fiddler.https> Failed to obtain certificate for gateway.icloud.com due to Certificate Maker returned null when asked for a certificate for gateway.icloud.com
19:53:50:2913 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
19:53:50:2921 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
19:53:50:2928 HTTPSLint> Warning: ClientHello record was 508 bytes long. Some servers have problems with ClientHello's greater than 255 bytes. https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
19:53:50:3244 Fiddler.BCCertMaker> Failed to create certificate for c.apple.news: Operation is not supported on this platform.
  at BCCertMaker.BCCertMaker.CreateCertificateFromCA (System.String sCN, Org.BouncyCastle.X509.X509Certificate caCert, Org.BouncyCastle.Crypto.AsymmetricKeyParameter caKey) [0x00377] in <186d138a6ba64111bc4131af9c9cbf93>:0
  at BCCertMaker.BCCertMaker.MakeNewCert (System.String sHostname) [0x00102] in <186d138a6ba64111bc4131af9c9cbf93>:0
19:53:50:3245 fiddler.https> Failed to obtain certificate for c.apple.news due to Certificate Maker returned null when asked for a certificate for c.apple.news
19:53:50:3245 !Certificate cache didn't find certificate for [c.apple.news]. Returning null to thread #66.
19:53:50:3245 !Certificate cache didn't find certificate for [c.apple.news]. Returning null to thread #65.
19:53:50:3245 fiddler.https> Failed to obtain certificate for c.apple.news due to Certificate Maker returned null when asked for a certificate for c.apple.news
19:53:50:3245 fiddler.https> Failed to obtain certificate for c.apple.news due to Certificate Maker returned null when a
EDIT: It also seems like HTTPS requests are being sent like http://example.com:443/
The steps that were followed to initialize the fiddler tool are mentioned below.
Steps (Commands used in linux):
System Environment:
Can any one of you please suggest to me how to resolve this error?