Неверный сертификат about powertunnel HOT 7 OPEN

Эта проблема связана с Cloudflare, когда модификация SNI выключена, она отсутствует. Думаю, что можно с этим сделать.

from powertunnel.

Эта проблема связана с Cloudflare, когда модификация SNI выключена, она отсутствует. Думаю, что можно с этим сделать.

I'm facing same issue. Any workaround for this (with sni, not chuck)?

from powertunnel.

Not yet, but you can disable these warnings in Chrome (this is not a good way though)

from powertunnel.

Not yet, but you can disable these warnings in Chrome (this is not a good way though)

Disabling warnings don't seems to work. These sites are basically behind CDNs, that strictly requires the correct SNI field to serve the right certificate (and the right server to connect to?). Faking SNI simply breaks this mechanism.

I don't know (in-depth) exactly how the HTTPS connection establishes but, is it somehow possible to generate the (self-signed) cert from client request SNI/host (Fiddler does it), so that the CN matches and the handshake is successful. Then after that, somehow tell server the actual site we're trying to connect to via host header or something?

from powertunnel.

Disabling warnings don't seems to work. These sites are basically behind CDNs, that strictly requires the correct SNI field to serve the right certificate (and the right server to connect to?). Faking SNI simply breaks this mechanism.

Yes, that's the problem. IIRC I wrote a detailed explaination in other thread some time ago.

I don't know (in-depth) exactly how the HTTPS connection establishes but, is it somehow possible to generate the (self-signed) cert from client request SNI/host (Fiddler does it), so that the CN matches and the handshake is successful. Then after that, somehow tell server the actual site we're trying to connect to via host header or something?

MITM is done by LittleProxy and its extension LittleProxy-mitm. Certificate generation is requested here, and it the certificates changes then, which is the problem. I tried to debug this previously, but I did not succeed. I will try again today.

from powertunnel.

MITM is done by LittleProxy and its extension LittleProxy-mitm. Certificate generation is requested here, and it the certificates changes then, which is the problem. I tried to debug this previously, but I did not succeed. I will try again today.

Did some read up and seems like it should be fairly simple. We just have to get the SNI/host from the client request and use it as the COMMON_NAME (CN) for self generated certificate (instead of using CN received from server). I don't know Java that much, otherwise I'd test this approach..

from powertunnel.

Yes that's it. Though I don't see a way to obtain it yet.

from powertunnel.