HTTPS Connections through Proxy server failing in iPad running iOS 9.3


swagat bora

May 24, 2016, 6:51:05 PM
to OWASP ZAP Developer Group
Hello all,

I am new to ZAP proxy and just recently started experimenting with it. Currently, I have a ZAP proxy server running on a Linux box running Ubuntu and I am trying to connect my iPad to this proxy server to gather all the traffic info routed through it. I have installed the OWASP ROOT CA Certificate on my iPad, which I generated using ZAP's dynamic SSL certificates options. However, even after installing the appropriate certificate I am still not able to connect to any HTTPS site and I get the error "Safari cannot open the page because it could not establish a secure connection to the server". I am able to connect to normal HTTP sites and see the web traffic in the ZAP application for the same. Also, in my iPad's Settings -> General -> Profile & Device Management -> Configuration Profile, "OWASP Zed Attack Proxy Root CA" appears as "Verified". Has anyone faced a similar issue and solved it, or can anyone help me with something that I have been doing wrong in the process? I would really appreciate some help.

Regards
Swagat

Kevin W. Wall

May 24, 2016, 7:13:19 PM
to zaproxy...@googlegroups.com

Does Safari on iPad use "certificate pinning"? If so, that could be your problem. You should be able to test it by visiting some https: site you've never visited before since only a few "pins" would be pre-loaded (e.g., Apple sites) and the others work on TOFU (Trust On First Use).

-kevin
Sent from my Droid; please excuse typos.
