@jekh please note, the last upstream commits in LittleProxy breaks LittleProxy-mitm with following behavior:

• Use LittleProxy-mitm Launcher with a browser (Iceweasel 31.8.0) to get https://github.com/adamfisk/LittleProxy/issues
• Wait 10 or 15 seconds (it's important, klicking faster causes no problem) and klick an issue
• It will be blocking until Gateway timeout

Second strange example:

• Get https://www.debian.org and wait between 10 to 15 seconds (I've needed some tries)
• Get a link on the page like https://www.debian.org/releases/stable/releasenotes
• I've got this answer:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Apache Server at www.debian.org Port 443

It's fixed with commit ganskef/LittleProxy@cf27050 (checkout and rebuild both). I will try to figure out more.

The Subject Alternative Name can be following according to the RFC.

RFC822 Name= email id
DNS Name=DNS name

When you have email ID in the certificate, MTIM proxy fails to create the tunnel due to exception raised in
SubjectAlternativeNameHolder.parseGeneralName(List<?> nameEntry) method. From my analysis, we should call this method to check only for a valid DNS name. The validation we should do should limit to RFC compliant values and we should ignore the email IDs and consider only DNS names.

The easy fix is to remove exception and in SubjectAlternativeNameHolder.add(Collection<List<?>> subjectAlternativeNames) check for valid DNS name before calling the parseGeneralName() method. Looking at the code it should be sufficient without any other changes. Please review.

Refer to http://www.pkiglobe.org/subject_alt_name.html for additional information.

This problem was encountered in a couple of our servers that has RFC822 Name in SAN.

Android 6.0 does not like the expiration of the cert generated when it is 100 years in the future. I see this was changed from this issue #6 from max time to 100 years.

NOT_AFTER should be configurable to avoid these kinds of issues.

Android 5.1 working

Android 6.0 not working with the same certificate

When I invoked
public ByteBuf getBytes(int index, ByteBuffer dst)

It throws index out of bounds exception. There is a wrong logic to invoke its checkIndex0 method. I have to roll back the version to 4.0.23 in my pom.xml, then the issue gone.

Could you consider to adopt another version if 4.0.36 is not required? Thanks.

At the end, appreciate you for contributing this project to open source.

I built it and can run it.
Pardon, but how do I proxy a site, lets say twitter.com or anything?

Hi,

First thank you for your great work, this project is amazing and very helpful.

While I use it in real world deployment I find that in current version BouncyCastleSslEngineSource.loadKeyStore loads keystore from File system. However some time deployment process requires us package all things in jar file. Therefore I could not use Class.getResourceAsStream and have to extract keystore files first and then load them from file system.

Now my workaround is using reflection to hack it but, could it support loading from InputStream instead of File path?

I'm using LittleProxy-mitm for testing my site. for HTTP it was working fine but for HTTPS getting the following error :
in proxy

javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
138711 2019-07-04 11:17:21,003 ERROR [LittleProxy-0-ClientToProxyWorker-0] impl.ClientToProxyConnection - (NEGOTIATING_CONNECT) [id: 0x831e1554, L:0.0.0.0/0.0.0.0:9090 ! R:/127.0.0.1:51782]: Caught an exception on ClientToProxyConnection 

in browser(firefox)
Software is Preventing Firefox From Safely Connecting to This Site
Error code: MOZILLA_PKIX_ERROR_MITM_DETECTED
Certificate:

First off, thanks for your time. I'm sure you're busy.

I'm trying to debug some restful applications speaking to each other, and I've been trying to setup your mitm service to do so.

Reading your documentation I can get to the point where I dump the headers of a given request, but I can't figure out how to view the body of the request.

Here's what I have so far:

    @FunctionalInterface
    private interface MyFilter extends HttpFiltersSource {
        default int getMaximumRequestBufferSizeInBytes() {
            return 0;
        }
        default int getMaximumResponseBufferSizeInBytes() {
            return 0;
        }
    }

and a simple main method to run the application:

    private static final AttributeKey<String> CONNECTED_URL = AttributeKey.valueOf("connected_url");

    public static void main(String[] args) throws RootCertificateException {
        HttpProxyServer server =
                DefaultHttpProxyServer.bootstrap()
                        .withPort(3455)
                        .withManInTheMiddle(new CertificateSniffingMitmManager())
                        .withFiltersSource((MyFilter) (originalRequest, context) -> {

                            System.out.println("-----------------------------------------------------");
                            HttpMethod method = originalRequest.getMethod();
                            String originalUri = originalRequest.getUri();
                            System.out.println(method + " -> " + originalUri);
                            originalRequest.headers().forEach(entry -> {
                                System.out.println("-- " + entry.getKey() + ":" + entry.getValue());
                            });

                            if (HttpMethod.CONNECT.equals(method) && Objects.nonNull(context) && originalUri.endsWith(":443")) {
                                String url = "https://" + originalUri.replaceFirst(":443$", "");
                                context.channel().attr(CONNECTED_URL).set(url);
                                System.out.println("(Manipulating connection request for successful HTTPS: " + originalUri + " -> " + url + ")");
                            }
                            return new HttpFiltersAdapter(originalRequest, context);
                        })
                        .start();

        System.out.println("Running mitm server");
    }

I've been digging into the ChannelHandlerContext via debugging and some of the javadoc, and my initial assumption about the body being located here appears to be false. So really my question, I suppose, is how do I access the request body given that it doesn't appear to be present in either the request or context object?

Hello,

I have implemented the MITM as your example shows.
I have implemented a HttpFiltersSourceAdapter that has the method filterRequest.
I was hoping that returning null from the method would stop the filtering for certain hosts like appl/facebook. But i think the impersonation phase is still used when exchanging certificates.

How do I ignore hosts for use with apps that do their own SSL handshaking?

I have tried to make an alternative to the CertificateSniffing MitmManager. But i could not find a way to avoid returning a SSLEngine and thus skipping the interference.

So for some domains i would like the proxy to act as transparent.

LittleProxy-mitm fails to connect the Gnome Wiki. I'm starting to investigate for this.

Hi,

I have been trying to run littleproxy from my Android app. Below, you will find the code.

Before publishing this post, I searched through StackOverflow and the web for information on running littleproxy on Android devices. I could not find answers to my questions below. There is very little information about littleproxy on Android.

On my test Android phone, a Huawei Mate 20 Pro running Androind 9, I enabled proxy manually on the Wifi network I am using as follows:

Proxy hostname - 127.0.0.1
Proxy port - 8100

The logs posted by littleproxy are as follows:

03-20 18:46:48.345: I/DefaultHttpProxyServer(27269): - withAddress - /127.0.0.1:8100
03-20 18:46:48.547: I/DefaultHttpProxyServer(27269): Starting proxy at address: {} - /127.0.0.1:8100
03-20 18:46:48.549: D/ServerGroup(27269): Initializing thread pools for {} with {} acceptor threads, {} incoming worker threads, and {} outgoing worker threads - TCP - 2 - 8 - 8
03-20 18:46:48.558: I/DefaultHttpProxyServer(27269): Proxy listening with TCP transport
03-20 18:46:48.589: I/DefaultHttpProxyServer(27269): Proxy started at address: {} - /127.0.0.1:8100

After proxy starts as the above logs seem to indicate, I try to access a (any) site on the web and I am unable to do so.

Based on the code (below), the only sites I should not be able to access are ones like
http://httpbin.org/image/png

I have four questions/issues I hope someone can help me answer:

1. Is setting the address of the proxy server on an Android device to 127.0.0.1 allowed? If not what can it be set to? Can I use port 8100, or is there a preset port I should be using (e.g. 8080) (I don't think so, just checking to make sure)?

2. How can I check whether the littleproxy proxy server is running after I start it (see code below)? Do I need to add code to ensure that it keep running?

3. Is the littleproxy start call (see code below) correct?

4. Does anyone have a successful experience of running a local proxy on an Android device without rooting the device? If yes, what's the proxy application used?

Thanks for any help in addressing these issues.

Code which calls littleproxy from main activity

    Log.i(TAG, " - onCreate - About to run BlockingFilterProxy.main(args) --- ");

        String[] args = new String[1];

        BlockingFilterProxy.main(args);

    Log.i(TAG, " - onCreate - Returned from BlockingFilterProxy.main(args) --- ");

BlockingFilterProxy code

package com.android.contextq.gatekeepertolltaker.proxy.filters;

import android.util.Log;

import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import java.util.Date;

import org.littleshoot.proxy.HttpFilters;
import org.littleshoot.proxy.HttpFiltersAdapter;
import org.littleshoot.proxy.HttpFiltersSource;
import org.littleshoot.proxy.HttpFiltersSourceAdapter;
import org.littleshoot.proxy.impl.DefaultHttpProxyServer;
import org.littleshoot.proxy.impl.ProxyUtils;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpObject;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;

/**

• Blocks access to URLs ending in "png" or "jpeg" and returns a 502 response.
• Test URLs - HTTP : http://httpbin.org/image/png

•         HTTPS : https://httpbin.org/image/png
  

*/
public class BlockingFilterProxy {

private static String TAG = "BlockingFilterProxy";
private static final int PORT = 8100;

public static void main(String[] args) {

    HttpFiltersSource filtersSource = getFiltersSource();

    DefaultHttpProxyServer.bootstrap()
            .withAddress(new InetSocketAddress("127.0.0.1",8100))

// .withAddress(new InetSocketAddress("10.125.24.28",8100))
// .withPort(PORT)
.withAllowLocalOnly(false)
.withFiltersSource(filtersSource)
.withName("BlockingFilterProxy")
.start();
}

private static HttpFiltersSource getFiltersSource() {
    return new HttpFiltersSourceAdapter(){

        @Override
        public HttpFilters filterRequest(HttpRequest originalRequest) {

            return new HttpFiltersAdapter(originalRequest){

                @Override
                public HttpResponse clientToProxyRequest(HttpObject httpObject) {

                    if(httpObject instanceof HttpRequest){
                        HttpRequest request = (HttpRequest) httpObject;

                        Log.i(TAG, "Method URI : " + request.getMethod() + " " + request.getUri());

                        if(request.getUri().endsWith("png") || request.getUri().endsWith("jpeg")){
                            //For URLs ending in 'png' and 'jpeg', return a 502 response.
                            return getBadGatewayResponse();
                        }
                    }

                    return null;
                }

                private HttpResponse getBadGatewayResponse() {
                    String body = "<!DOCTYPE HTML \"-//IETF//DTD HTML 2.0//EN\">\n"
                            + "<html><head>\n"
                            + "<title>"+"Bad Gateway"+"</title>\n"
                            + "</head><body>\n"
                            + "An error occurred"
                            + "</body></html>\n";
                    byte[] bytes = body.getBytes(Charset.forName("UTF-8"));
                    ByteBuf content = Unpooled.copiedBuffer(bytes);
                    HttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.BAD_GATEWAY, content);
                    response.headers().set(HttpHeaders.Names.CONTENT_LENGTH, bytes.length);
                    response.headers().set("Content-Type", "text/html; charset=UTF-8");
                    response.headers().set("Date", ProxyUtils.formatDate(new Date()));
                    response.headers().set(HttpHeaders.Names.CONNECTION, "close");
                    return response;
                }					
            };
        }			
    };
}

}

Noticed this pretty often. Are we accidently ddosing the site? Cloudflare seems to be up often.

Either way, we should add a check to pass the test if it 522's, so that we don't have to skip tests for installs often.

On a fresh installed Windows 8.1 N with a recent Java the Man-In-The-Middle is disabled at startup:

C:\Users\frank>java -version
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) Client VM (build 25.91-b14, mixed mode, sharing)

2016-04-29 22:07:10,588 WARN  [main] proxy.McProxy - MITM disabled, could not be initialized.
org.littleshoot.proxy.mitm.RootCertificateException: Errors during assembling root CA.
    at org.littleshoot.proxy.mitm.HostNameMitmManager.(HostNameMitmManager.java:28)
    at de.ganskef.mocuishle.proxy.McProxy.createMitmManager(McProxy.java:105)
    at de.ganskef.mocuishle.proxy.McProxy.start(McProxy.java:85)
    at de.ganskef.mocuishle.McProxyMain.main(McProxyMain.java:48)
Caused by: java.lang.IllegalArgumentException: Unknown signature type requested: SHA256
    at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.generate(Unknown Source)
    at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.find(Unknown Source)
    at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.(Unknown Source)
    at org.littleshoot.proxy.mitm.CertificateHelper.signCertificate(CertificateHelper.java:256)
    at org.littleshoot.proxy.mitm.CertificateHelper.createRootCertificate(CertificateHelper.java:183)
    at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.initializeKeyStore(BouncyCastleSslEngineSource.java:261)
    at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.(BouncyCastleSslEngineSource.java:114)
    at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.(BouncyCastleSslEngineSource.java:137)
    at org.littleshoot.proxy.mitm.HostNameMitmManager.(HostNameMitmManager.java:25)
    ... 3 more

Hi,

I setup the proxy successfully for https sites. It is working fine if i am not intercepting any requests.
I tried following the way you have described to store the stateful information when intercepting https requests. But when i tried intercepting requests, Connect method is successful, but as soon as GET method comes, firefox shows,

"The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

The filter adapter is,

`
public AnswerRequestFilter(String uri, String answer) {
this.uri = uri;
this.answer = answer;
}

@Override
public HttpResponse clientToProxyRequest(HttpObject httpObject) {
    ByteBuf buffer = null;
    try {
        buffer = Unpooled.wrappedBuffer(answer.getBytes("UTF-8"));
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    }
    HttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK,` buffer);
    HttpHeaders.setContentLength(response, buffer.readableBytes());
    HttpHeaders.setHeader(response, HttpHeaders.Names.CONTENT_TYPE, "text/html");
    return response;
}

`

Problem: Some servers like https://forums.freebsd.org refuse TLSv1 connections.

Solution: Enforce TLSv1.2 if available, since it's not default up to Java 8. Use TLSv1 to fall back for Java 6.

Background: Java 7 disables TLS 1.1 and 1.2 for clients. From Java Cryptography Architecture Oracle Providers Documentation: Although SunJSSE in the Java SE 7 release supports TLS 1.1 and TLS 1.2, neither version is enabled by default for client connections. Some servers do not implement forward compatibility correctly and refuse to talk to TLS 1.1 or TLS 1.2 clients. For interoperability, SunJSSE does not enable TLS 1.1 or TLS 1.2 by default for client connections.

I'm searching for a while for a volatile problem (using my Mo Cuishle app): Secured connections are terminated with some different sites with some different devices. The content is shown but without its page style. I've never seen it with a desktop system. Please, has anybody some ideas, device examples, debug strategies?

• Nexus 5, Android 6.0.1 (N) fails with https://assets-cdn.github.com, works fine in emulator
• Samsung i9300, Android 4.4.4 fails with https://developer.cdn.mozilla.net, fails in emulator too

Both devices are showing the other site with no problems. I'm pretty sure it's deterministic. It seems not to depend on Netty versions.

This is a typical adb logcat output:

D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (AWAITING_INITIAL) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Not reusing existing ProxyToServerConnection because request is a CONNECT for: developer.cdn.mozilla.net:443
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (AWAITING_INITIAL) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Modifying request for proxy chaining
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (AWAITING_INITIAL) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Stripped host from uri: developer.cdn.mozilla.net:443    yielding: developer.cdn.mozilla.net:443
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (AWAITING_INITIAL) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Modifying request headers for proxying
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (AWAITING_INITIAL) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Writing request to ProxyToServerConnection
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (DISCONNECTED): Requested write of DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): CONNECT developer.cdn.mozilla.net:443 HTTP/1.1
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): User-Agent: Mozilla/5.0 (Android 4.4.4; Mobile; rv:45.0) Gecko/45.0 Firefox/45.0
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): Host: developer.cdn.mozilla.net:443
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): Via: 1.1 littleproxy
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (DISCONNECTED): Currently disconnected, connect and then write the message
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (DISCONNECTED): Starting new connection to: developer.cdn.mozilla.net/54.240.162.197:443
D/ActivityThread(11645): handleBindApplication:com.whatsapp
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] Host Name Verification is not supported, causes insecure HTTPS connection
D/ActivityThread(11645): setTargetHeapUtilization:0.75
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] Removed cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA
D/ActivityThread(11645): setTargetHeapMinFree:2097152
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] Enabled server cipher suites:
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_RSA_WITH_RC4_128_MD5
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_RSA_WITH_RC4_128_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] TLS_RSA_WITH_AES_128_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] TLS_DHE_DSS_WITH_AES_128_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_RSA_WITH_3DES_EDE_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_RSA_WITH_DES_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_DHE_RSA_WITH_DES_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_DHE_DSS_WITH_DES_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_RSA_EXPORT_WITH_RC4_40_MD5
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
D/org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource( 2897): [MoCuishle-0-ClientToProxyWorker-0] SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (AWAITING_INITIAL) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Stopped reading
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (DISCONNECTED): Processing connection flow step: CONNECTING
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (CONNECTING): Connecting to server with TCP
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (NEGOTIATING_CONNECT) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Reading: EmptyLastHttpContent
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ClientToProxyWorker-0] (NEGOTIATING_CONNECT) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Attempted to read from connection that's in the process of negotiating an HTTP CONNECT.  This is probably the LastHttpContent of a chunked CONNECT.
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ProxyToServerWorker-5] (CONNECTING) [id: 0x6ca7716c, /100.71.157.71:55898 => developer.cdn.mozilla.net/54.240.162.197:443]: ConnectionFlowStep succeeded
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ProxyToServerWorker-5] (CONNECTING) [id: 0x6ca7716c, /100.71.157.71:55898 => developer.cdn.mozilla.net/54.240.162.197:443]: Processing connection flow step: HANDSHAKING
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ProxyToServerWorker-5] (HANDSHAKING) [id: 0x6ca7716c, /100.71.157.71:55898 => developer.cdn.mozilla.net/54.240.162.197:443]: Enabling encryption with SSLEngine: com.android.org.conscrypt.SSLEngineImpl@4225b640
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ProxyToServerWorker-5] (HANDSHAKING) [id: 0x6ca7716c, /100.71.157.71:55898 => developer.cdn.mozilla.net/54.240.162.197:443]: Connected
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ProxyToServerWorker-5] (HANDSHAKING) [id: 0x6ca7716c, /100.71.157.71:55898 => developer.cdn.mozilla.net/54.240.162.197:443]: ConnectionFlowStep failed
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): javax.net.ssl.SSLException: Fatal alert received handshake_failure
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at com.android.org.conscrypt.SSLEngineImpl.unwrap(SSLEngineImpl.java:484) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:383) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1098) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:976) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:912) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:369) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:244) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:840) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:430) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:384) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112) ~[na:0.0]
D/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at java.lang.Thread.run(Thread.java:841) ~[na:0.0]
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ProxyToServerWorker-5] (NEGOTIATING_CONNECT) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: All servers have finished attempting to connect, resuming reading from client.
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ProxyToServerWorker-5] (NEGOTIATING_CONNECT) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Resumed reading
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): [MoCuishle-0-ProxyToServerWorker-5] (HANDSHAKING) [id: 0x6ca7716c, /100.71.157.71:55898 :> developer.cdn.mozilla.net/54.240.162.197:443]: Connection to upstream server failed
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897): javax.net.ssl.SSLException: Fatal alert received handshake_failure
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at com.android.org.conscrypt.SSLEngineImpl.unwrap(SSLEngineImpl.java:484) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:383) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1098) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:976) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:912) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:369) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:244) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:840) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:430) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:384) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112) ~[na:0.0]
I/org.littleshoot.proxy.impl.ProxyToServerConnection( 2897):    at java.lang.Thread.run(Thread.java:841) ~[na:0.0]
D/org.littleshoot.proxy.impl.ClientToProxyConnection( 2897): [MoCuishle-0-ProxyToServerWorker-5] (NEGOTIATING_CONNECT) [id: 0xf0297475, /127.0.0.1:39401 => /127.0.0.1:9090]: Connection to upstream server or chained proxy failed: developer.cdn.mozilla.net/54.240.162.197:443.  Last state before failure: HANDSHAKING

Fix:

String commonName = getCommonName(upstreamCert);

        SubjectAlternativeNameHolder san = new SubjectAlternativeNameHolder();

        Collection<List<?>> an = upstreamCert.getSubjectAlternativeNames();

        if (an == null) {
            san = new SubjectAlternativeNameHolder();
        } else {
            san.addAll(an);
        }

        LOG.debug("Subject Alternative Names: {}", san);
        return sslEngineSource.createCertForHost(commonName, san);

LittleProxy has updated to 1.1.1, it no longer contains a common-io.
As a result, if we want littleproxy-mitm to work with littleproxy we have to add to common-io manually.
Please consider to use guava instead of common-io. :)
@ganskef

IOS 8.x does not like the expiration cert date to be grater than Mon, 24 Jan 6084 02:07:59 GMT. After setting NOT_AFTER to this, proxy works as expected. I couldn't find any documentation describing IOS having this date limitation.

I used epochcoverter to get the milliseconds

Epoch timestamp: 129827326079
Timestamp in milliseconds: 129827326079000
Human time (your time zone): January 23, 6084 at 7:07:59 PM MST
Human time (GMT): Mon, 24 Jan 6084 02:07:59 GMT

Safari from the simulator accessing google

working

private static final Date NOT_AFTER = new Date(129827326079000L);

Epoch timestamp: 129827326079
Timestamp in milliseconds: 129827326079000
Human time (your time zone): January 23, 6084 at 7:07:59 PM MST
Human time (GMT): Mon, 24 Jan 6084 02:07:59 GMT

error

private static final Date NOT_AFTER = new Date(129827326080000L);

Epoch timestamp: 129827326080
Timestamp in milliseconds: 129827326080000
Human time (your time zone): January 23, 6084 at 7:08:00 PM MST
Human time (GMT): Mon, 24 Jan 6084 02:08:00 GMT

Thanks for this excellent demonstration of MITM with LP. Could you add a LICENSE.txt file to make the license explicit? FWIW, LittleProxy is under the Apache 2.0 License. (Did you use any GPL code or libraries? That might require you to publish the entire work under the GPL.)

I ask because I'd really like to help better-integrate this with the main LP and, eventually, BrowserMob Proxy. It'd be great to be able to make modifications, submit PRs to you, and hopefully cherry-pick code into LP itself.

Thanks again! This is fantastic.

I'm trying to run LittleProxy-mitm on android with the code:

 val server = DefaultHttpProxyServer.bootstrap()
            .withAddress(InetSocketAddress("127.0.0.1",  8100))
            .withManInTheMiddle(CertificateSniffingMitmManager())
            .start() but the app crashes with this error.

java.lang.NoClassDefFoundError: Failed resolution of: Lorg/apache/commons/io/IOUtils;

Full error:

• 2022-04-26 14:03:01.828 3581-3581/com.anatame.localproxy E/AndroidRuntime: FATAL EXCEPTION: main

•   Process: com.anatame.localproxy, PID: 3581
  

•   java.lang.NoClassDefFoundError: Failed resolution of: Lorg/apache/commons/io/IOUtils;
  

•       at org.littleshoot.proxy.mitm.CertificateHelper.createSubjectKeyIdentifier(CertificateHelper.java:204)
  

•       at org.littleshoot.proxy.mitm.CertificateHelper.createRootCertificate(CertificateHelper.java:167)
  

•       at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.initializeKeyStore(BouncyCastleSslEngineSource.java:219)
  

•       at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.<init>(BouncyCastleSslEngineSource.java:111)
  

•       at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.<init>(BouncyCastleSslEngineSource.java:134)
  

•       at org.littleshoot.proxy.mitm.CertificateSniffingMitmManager.<init>(CertificateSniffingMitmManager.java:34)
  

•       at com.anatame.localproxy.MainActivity.onCreate(MainActivity.kt:18)
  

•       at android.app.Activity.performCreate(Activity.java:7893)
  

•       at android.app.Activity.performCreate(Activity.java:7880)
  

•       at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1307)
  

•       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3286)
  

•       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3460)
  

•       at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:83)
  

•       at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
  

•       at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
  

•       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2047)
  

•       at android.os.Handler.dispatchMessage(Handler.java:107)
  

•       at android.os.Looper.loop(Looper.java:224)
  

•       at android.app.ActivityThread.main(ActivityThread.java:7592)
  

•       at java.lang.reflect.Method.invoke(Native Method)
  

•       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:539)
  

•       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:950)
  

•    Caused by: java.lang.ClassNotFoundException: Didn't find class "org.apache.commons.io.IOUtils" on path: DexPathList[[zip file "/data/app/com.anatame.localproxy-ZzekusIPuY-QWAB0xTPD7Q==/base.apk"],nativeLibraryDirectories=[/data/app/com.anatame.localproxy-ZzekusIPuY-QWAB0xTPD7Q==/lib/arm64, /system/lib64, /system/product/lib64]]
  

•       at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:230)
  

•       at java.lang.ClassLoader.loadClass(ClassLoader.java:379)
  

•       at java.lang.ClassLoader.loadClass(ClassLoader.java:312)
  

•       at org.littleshoot.proxy.mitm.CertificateHelper.createSubjectKeyIdentifier(CertificateHelper.java:204) 
  

•       at org.littleshoot.proxy.mitm.CertificateHelper.createRootCertificate(CertificateHelper.java:167) 
  

•       at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.initializeKeyStore(BouncyCastleSslEngineSource.java:219) 
  

•       at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.<init>(BouncyCastleSslEngineSource.java:111) 
  

•       at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.<init>(BouncyCastleSslEngineSource.java:134) 
  

•       at org.littleshoot.proxy.mitm.CertificateSniffingMitmManager.<init>(CertificateSniffingMitmManager.java:34) 
  

•       at com.anatame.localproxy.MainActivity.onCreate(MainActivity.kt:18) 
  

•       at android.app.Activity.performCreate(Activity.java:7893) 
  

•       at android.app.Activity.performCreate(Activity.java:7880) 
  

•       at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1307) 
  

•       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3286) 
  

•       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3460) 
  

•       at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:83) 
  

•       at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135) 
  

•       at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95) 
  

•       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2047) 
  

•       at android.os.Handler.dispatchMessage(Handler.java:107) 
  

•       at android.os.Looper.loop(Looper.java:224) 
  

•       at android.app.ActivityThread.main(ActivityThread.java:7592) 
  

•       at java.lang.reflect.Method.invoke(Native Method) 
  

•       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:539) 
  

•       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:950) 
  

Using Mozilla Firefox (> 39...45) with the proxy running on Android (Version 4.4.4) I've seen a general SSL connection failure with error code ssl_error_weak_server_ephemeral_dh_key. (I've never seen it in a desktop environment.) A workaround found in the Web is to open about:config, search for ssl3 and disable the first two entries containing dhe_rsa:

Hi @ganskef ,

Referring to this branch : https://github.com/ganskef/LittleProxy-mitm/tree/netty_proxy_client

I'm trying to figure out how to help you solve the MITM + chain proxy issue, and I noticed that the proxy server running on port 9090 does not seem to be running (I setup firefox and curl to route through it, while debugging the tests, and i get connection refused on them as well).

I'm going to debug further, maybe disable the tests, package the jar and see if i can implement this functionality (I'm not too amazing with Junit yet.)

I'd like to get talk with you a bit. I'm a native english speaker but I also took a few semesters of german.

s->session->key_exchange_info = DH_num_bits(dh); // if (s->session->key_exchange_info < 1024) { // OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_DH_P_LENGTH); // goto err; // }

can not resolved https
debug dh.length is 512 not > 1024

Hello, I'm sure that this is probably something dumb, but I've gotten the http proxy all setup with just the basic instructions. Now, I'm trying to auth ssl websites, but I'm having dificulties with getting that portion to run. Is there any way that someone could help?

See https://github.com/ganskef/LittleProxy-mitm/blob/master/src/main/java/org/littleshoot/proxy/mitm/BouncyCastleSslEngineSource.java#L180

"tryHostNameVerification"

vs 

"trySetHostnameVerification"

as seen from below links.

See https://tersesystems.com/2014/03/23/fixing-hostname-verification/ and http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/ssl/SSLEngineImpl.java#SSLEngineImpl.trySetHostnameVerification%28java.lang.String%29

Seems like LittleProxy-mitm only gets the certificate from the filesystem. What if I want it to look it up from the classpath (i.e. via target/classes in my maven test and inside the jar in production)? How do I configure LittleProxy-mitm to look the certificate up from the classpath?

I am using littleproxy-mitm as a maven dependency in my custom java 8 application that I am using as a chained proxy service within my organization to facilitate with single sign on into an enterprise application that utilizes AD and ADFS services in a hybrid mode (cloud + on-site).

Everything is working well and my proxy service is able to handle the http and Secure http (https) requests and forward them to the organization's proxy server.

The only issue that I have is for https requests, due to the certificate impersonation within the proxy service using MITM, we are getting a certificate error or untrusted certificate error in the browser. To overcome this issue, I have purchased a valid certificate and am trying to tell the application to use the valid trusted certificate to impersonate the certificates for the https requests.

This is the littleprxy-mitm code that I am using to initialise the usage of my trusted cert:
HttpProxyServer proxyServer = DefaultHttpProxyServer.bootstrap()
.withAddress(new InetSocketAddress(localHostIP, localPort))
.withManInTheMiddle(new CertificateSniffingMitmManager(
new Authority(new File("./<trusted_certifcate_name>.pfx")
,"my_app_proxy_service_name"
,"".toCharArray()
,""
,""
,""
,"DigiCert Inc"
,"www.digicert.com")))

But I keep getting a "RootCertificateException" saying "Errors during assembling root CA" although in the log, it says that the "org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource - Created root certificate authority key store in 858ms"

And due to the exception, I am unable to start up the java application.

I also tried running the application by providing the keystore details
-Djavax.net.ssl.trustStore="<JRE_HOME>\lib\security\cacerts" -Djavax.net.ssl.trustStorePassword=""

and also tried creating a new truststore

but none of the above approaches seem to be helping with the custom cert being loaded into the root CA.

Any help or guidance would really help
Mattsjk

对https请求进行proxy的时候，报java.nio.channels.ClosedChannelException 异常
打点日志，没看到相应的close的地方，这个能解么？

/src/main/java/org/littleshoot/proxy/mitm/HostNameMitmManager.java:[14,8]

If I add the maven dependency

<dependency>
	<groupId>com.github.ganskef</groupId>
	<artifactId>littleproxy-mitm</artifactId>
	<version>1.1.0</version>
</dependency>

I still get a NoClassDefFoundError due to Encodable missing from Bouncycastle:

import org.junit.Test;
import org.littleshoot.proxy.HttpProxyServer;
import org.littleshoot.proxy.impl.DefaultHttpProxyServer;
import org.littleshoot.proxy.mitm.CertificateSniffingMitmManager;
import org.littleshoot.proxy.mitm.RootCertificateException;

public class TestManInTheMiddle
{
	@Test
	public void test() throws RootCertificateException
	{
		HttpProxyServer server =
				DefaultHttpProxyServer.bootstrap()
						.withPort(9090) // for both HTTP and HTTPS
						.withManInTheMiddle(new CertificateSniffingMitmManager())
						.start();
	}
}

java.lang.NoClassDefFoundError: org/bouncycastle/util/Encodable

	at java.lang.ClassLoader.defineClass1(Native Method)
	at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
	at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
	at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
	at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
	at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	at org.littleshoot.proxy.mitm.CertificateHelper.createRootCertificate(CertificateHelper.java:164)
	at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.initializeKeyStore(BouncyCastleSslEngineSource.java:219)
	at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.<init>(BouncyCastleSslEngineSource.java:111)
	at org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.<init>(BouncyCastleSslEngineSource.java:134)
	at org.littleshoot.proxy.mitm.CertificateSniffingMitmManager.<init>(CertificateSniffingMitmManager.java:34)
	at org.littleshoot.proxy.mitm.CertificateSniffingMitmManager.<init>(CertificateSniffingMitmManager.java:28)
	at TestManInTheMiddle.test(TestManInTheMiddle.java:14)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56)
	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
	at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:305)
	at org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100)
	at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:365)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103)
	at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63)
	at org.junit.runners.ParentRunner$4.run(ParentRunner.java:330)
	at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:78)
	at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:328)
	at org.junit.runners.ParentRunner.access$100(ParentRunner.java:65)
	at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:292)
	at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:305)
	at org.junit.runners.ParentRunner.run(ParentRunner.java:412)
	at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
	at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
	at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
	at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
	at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
Caused by: java.lang.ClassNotFoundException: org.bouncycastle.util.Encodable
	at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
	at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
	... 44 more

Adding a dependency for Bouncycastle does not help:

<dependency>
	<groupId>org.bouncycastle</groupId>
	<artifactId>bcprov-jdk15</artifactId>
	<version>1.46</version>
</dependency>

Why is this not included by default so the code can be ran? How to do it? I'm on Windows 10.