Build and Certificate error about mitmjavaproxy HOT 4 CLOSED

Hello @raullgiordano
Thank you for reporting the issue.

The key thing is here:
class file has wrong version 59.0, should be 55.0 -> this means technically:

class file built with java 15, now you are trying to use it with java 11

V2.0.23.105 was the last version built with java 11, after that (v2.1.x, v2.5.x) built with jdk 15. It is not emphasized on the main web page, but mentioned at the releases. Sorry about the issues you faced with because of upgrading the used jdk.

It is not planned to re-release the latest version to be used with jdk11 - in case you would like to keep jdk11 in your local env, pls rebuild the mitmJavaProxy by following instructions here.

I will come back soon with the second part of the problem (cert issue), but in the meantime pls also use this additional java parameters: -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2", and also, you should know in advance that the browsers nowadays are really hate the situation when a MITM situation is detected by them during a visit of a HTTPS page, and they try to protect the user in all the ways. This also means that using mitmJavaProxy with browsers (as client) and visiting HTTPS pages is not really encouraged way of using this proxy. So please let me kindly remind you what you can read in the "Warning" section of the main readme file - "Use it carefully and only when you know what you do, and what you do is allowed/legal, and on environment where you are allowed/authorized to use the Proxy."

from mitmjavaproxy.

Hello @raullgiordano

Re certificate error at Firefox browser.
Here I don't explain how to log the messages (since that is out of scope, you may read about howto here, and step 3 will give you a guidance), just the steps to fix the cert problem you mentioned.

In the example, we just use the proxy in standalone mode (that's why msg logging is not part of the solution), so pls build latest from src:

./gradlew build release

Then you will have the jar in the release folder. Go into that folder and start the proxy in standalone mode, this way:

java -Djdk.tls.client.protocols="TLSv1,TLSv1.1,TLSv1.2" -Djdk.tls.namedGroups="secp256r1, secp384r1, ffdhe2048, ffdhe3072" -jar mitm-java-proxy-2.5.26.SNAPSHOT.jar

When you start it, in the console log you will see the used proxy port in a similar row:

... Started SocketListener on 0.0.0.0:58761

which means the proxy uses port 58761.

Start Firefox, in its Settings / General / Network Settings (at the bottom of the page) open the "Settings..." dialog, and set the HTTP proxy configuration as "Manual proxy configuration" to 127.0.0.1 and port: 58671 (use your actual proxy port of course).
Don't forget to set the "Also use this proxy for HTTPS" checkbox too. Press OK to save the settings.

At Settings / Privacy and Security go to "Security / Certificates" part and turn the "Query OCSP responder servers to confirm the current validity of certificates" checkox OFF. Then press View Certificates... button and in the dialog, select the "Servers" tab. There press Add Exception... button, and then enter the URL you would like to visit (like: https://eu.httpbin.org/ in your example) and press Get Certificate - if everything goes well then the Permanently store this exception checkbox become available, so turn that ON, and finally press Confirm Security Exception button.

After the above settings you may visit the website, and Firefox will not show certificate error.

from mitmjavaproxy.

Hello @raullgiordano

Re certificate error meanwhile using curl:
The first few steps to build and start the proxy in standalone mode is the same as described at the Firefox case above.
So assuming that the proxy is running on port 58671, pls use this curl command:

curl.exe -X POST "https://eu.httpbin.org/post" -H "accept: application/json" -d "param1=value1&param2=value2" -x http://127.0.0.1:58761 --insecure

And it will provide proper answer.

As you see, no cacert usage (or extracting the cer or jks file from the jar) is necessary at all, in both solutions.

Pls let me know if the answer provided is sufficient.

from mitmjavaproxy.

Seems the issue is resolved - at least there is no feedback against it.

from mitmjavaproxy.