Proxy for Android problems with ALPN and SSE

[Andrey Maksimov]

I had raised this problem in zaproxy-develop group and have been advised to move to zaproxy-users.

While proxying Android device with ZAP initially all requests go with HTTP/1.1.

Disabling HTTP/1.1 in ZAP ALPN settings leads to using HTTP/2. But I need both protocol versions.

It seems that something is not completely right on the ZAP's side.

Google Chrome on Android, wifi and proxying through ZAP.

The same scenario works just fine with Charles proxy - it correctly identifies when to use HTTP/2 and when HTTP/1.1.

However working through ZAP somehow affects client to choose HTTP/1.1 over HTTP/2 even though HTTP/2 is available.

I need to proxy usage of mobile app on Android.

There is also a problem with SSE addon - it just doesn't work. And I hoped that with HTTP/2 SSE would work correctly, but even when I expicitly disabled HTTP/1.1 SSE still didn't work.

Could you check:

- ALPN?

- SSE?

If you have examples of correct proxying through ZAP of Android app with both http/1.1 and http/2 - please share. I would also appreciate example with SSE.

Looking forward to your reply.

Kind Regards,

Andrey

[Patrick Double]

This GitHub issue looks relevant: https://github.com/zaproxy/zaproxy/issues/7837

[Andrey Maksimov]

Yeah, thanks. Unfortunately, it seems ZAP team considers that kind of behavior as the right one.

[thc...@gmail.com]

There's no "right one", the issue was not closed for a reason.

Best regards.

[Simon Bennetts]

And we're always on for supporting multiple options - we know theres no one right way for everyone.

[Andrey Maksimov]

It would be great to have an option for ALPN providing behavior for ZAP to not affect version protocol choice.=)

Regarding SSE. Is there any example? I just hadn't find cases showing ZAP SSE-addon is working.

Thanks=)

[thc...@gmail.com]

The SSE not working is a bug introduced in version 2.12.

Best regards.