MITM issue when using bmp-littleproxy-mitm as proxy in a surrounding app


Tamas Kohegyi

Feb 26, 2016, 9:00:25 AM
to BrowserMob Proxy
Hi,

I tried to use the new 2.1 bmp + littleproxy + mitm as a proxy within a surrounding application - actually for this: https://github.com/epam/Wilma (it is using a derived work of the old 2.0 bmp, and works fine with that version).

First I created a Gradle custom build, and used a local repo to store the built jars; all unit tests passed.

But when the proxy is used, I get the following exception for all HTTPS connections (using Firefox as client, using bmp + littleproxy + mitm as proxy):

14:30:56.305 [LittleProxy-0-ClientToProxyWorker-0] WARN  net.lightbody.bmp.mitm.util.SslUtil - Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.
14:30:56.818 [LittleProxy-0-ProxyToServerWorker-0] ERROR o.l.p.impl.ProxyToServerConnection - (HANDSHAKING) [id: 0x81267d24, /10.0.6.33:63408 => aus4.mozilla.org/63.245.213.45:443]: Caught an exception on ProxyToServerConnection
io.netty.handler.codec.DecoderException: java.lang.RuntimeException: Could not derive key
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:400) ~[wilma-1.5.DEV.jar:na]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:244) ~[wilma-1.5.DEV.jar:na]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:307) [wilma-1.5.DEV.jar:na]
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:293) [wilma-1.5.DEV.jar:na]
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:840) [wilma-1.5.DEV.jar:na]
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131) [wilma-1.5.DEV.jar:na]
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) [wilma-1.5.DEV.jar:na]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) [wilma-1.5.DEV.jar:na]
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) [wilma-1.5.DEV.jar:na]
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) [wilma-1.5.DEV.jar:na]
	at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112) [wilma-1.5.DEV.jar:na]
	at java.lang.Thread.run(Unknown Source) [na:1.8.0_60]
Caused by: java.lang.RuntimeException: Could not derive key
	at sun.security.ssl.Handshaker.checkThrown(Unknown Source) ~[na:1.8.0_60]
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) ~[na:1.8.0_60]
	at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[na:1.8.0_60]
	at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:1.8.0_60]
	at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[na:1.8.0_60]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1098) ~[wilma-1.5.DEV.jar:na]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:976) ~[wilma-1.5.DEV.jar:na]
	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:912) ~[wilma-1.5.DEV.jar:na]
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:369) ~[wilma-1.5.DEV.jar:na]
	... 11 common frames omitted
Caused by: java.security.ProviderException: Could not derive key
	at sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:133) ~[sunec.jar:1.8.0_60]
	at sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:163) ~[sunec.jar:1.8.0_60]
	at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:648) ~[na:1.8.0_60]
	at sun.security.ssl.ECDHCrypt.getAgreedSecret(Unknown Source) ~[na:1.8.0_60]
	at sun.security.ssl.ClientHandshaker.serverHelloDone(Unknown Source) ~[na:1.8.0_60]
	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_60]
	at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_60]
	at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_60]
	at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_60]
	at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_60]
	at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[na:1.8.0_60]
	at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1124) ~[wilma-1.5.DEV.jar:na]
	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1015) ~[wilma-1.5.DEV.jar:na]
	... 13 common frames omitted
Caused by: java.security.InvalidAlgorithmParameterException: null
	at sun.security.ec.ECDHKeyAgreement.deriveKey(Native Method) ~[sunec.jar:1.8.0_60]
	at sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:130) ~[sunec.jar:1.8.0_60]
	... 25 common frames omitted

Have you ever faced a similar problem?
Do any of you have an idea what went wrong?

br,
Tamas

sunny sachdeva

May 25, 2017, 2:08:53 AM
to BrowserMob Proxy
I am also getting the same error. Did you get any solution?

Thanks
Sunny