
Failed to establish TLS connection with client

Open piokto opened this issue 3 years ago • 1 comments

thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: "tls handshake eof" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T08:44:24Z INFO  g

piokto avatar Sep 21 '22 08:09 piokto

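Unable to establish a TLS connection with the client, most likely because the client does not trust the certificate.

  1. Check whether the operating system or browser trusts the Good-MITM certificate
  2. Check whether SSL pinning is in use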

zu1k avatar Sep 21 '22 09:09 zu1k

When interception is in use, http cannot be accessed

piokto avatar Sep 21 '22 13:09 piokto

When interception is in use, http cannot be accessed

Please provide more detailed information

zu1k avatar Sep 21 '22 13:09 zu1k

When certificate interception is used on the server, http links cannot be accessed, while https links can. The log is as follows:

[2022-09-21T09:08:47Z INFO good_mitm] CA Private key use: ca/private.key
[2022-09-21T09:08:47Z INFO good_mitm] CA Certificate use: ca/cert.crt
[2022-09-21T09:08:47Z INFO good_mitm] Http Proxy listen on: http://127.0.0.1:34567
[2022-09-21T09:10:11Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:10:16Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
[2022-09-21T09:28:14Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:28:20Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:29:16Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:29:16Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:40:48Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:40:48Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:47:17Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:47:17Z INFO good_mitm_rule] [Redirect] https://baidu.com.com/ -> http://xxx.xxx.xxx.xxx
[2022-09-21T09:47:25Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30

piokto avatar Sep 21 '22 14:09 piokto

Please attach your rules file, and post the log using code formatting

zu1k avatar Sep 21 '22 14:09 zu1k

- name: "reject CSDN"
  filter:
   -  domain-keyword: 'csdn'
   -  domain-keyword: 'hao123'
   -  domain-keyword: 'cctv'
  action:
       redirect: "https://baidu.com"
- name: "reject youtube.com"
  filter:
   -  domain-keyword: 'youtube'
  action:
       redirect: "http://xxx.xxx.xxx.xxx"

The rules are roughly like this. Where can I view the log file?

piokto avatar Sep 21 '22 15:09 piokto

Cannot reproduce; testing shows no problems at all. Please check on your own

zu1k avatar Sep 21 '22 23:09 zu1k
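
A log triage helper for the handshake failures discussed in this thread, added here as an example; it is not Good-MITM code and not part of any participant's post. It extracts the rustls error from each "Failed to establish TLS connection with client" panic line and counts the variants, so a client-side certificate alert can be told apart from other handshake failures. The function names, the hint texts for the non-alert cases, and the sample log (constructed from the line shapes quoted above) are assumptions.

```rust
use std::collections::BTreeMap;

// Constructed sample, shaped like the log lines quoted in this thread.
const SAMPLE: &str = "\
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: UnexpectedEof, error: \"tls handshake eof\" }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: CorruptMessage }', /project/crates/core/src/mitm.rs:142:30
[2022-09-21T09:28:14Z ERROR rustls::conn] TLS alert received: AlertMessagePayload { level: Fatal, description: CertificateUnknown, }
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', /project/crates/core/src/mitm.rs:142:30
";

/// Return the `error:` field of a handshake panic line, or None for any
/// other line (including the separate rustls "TLS alert received" record).
fn handshake_error(line: &str) -> Option<&str> {
    let (_, tail) = line.split_once("Failed to establish TLS connection with client")?;
    let (_, rest) = tail.split_once("error: ")?;
    let (err, _) = rest.split_once(" }'")?;
    Some(err.trim_matches('"'))
}

/// What to check first. The certificate hint follows the maintainer's reply;
/// the other two hints are assumptions made for this example.
fn hint(err: &str) -> &'static str {
    match err {
        e if e.contains("CertificateUnknown") => "client rejected the certificate: check CA trust, then SSL pinning",
        e if e.contains("CorruptMessage") => "bytes received were not a valid TLS message (assumption)",
        e if e.contains("handshake eof") => "client closed the connection mid-handshake (assumption)",
        _ => "unclassified",
    }
}

/// Count handshake failures per error variant across a whole log.
fn triage(log: &str) -> BTreeMap<String, usize> {
    let mut counts = BTreeMap::new();
    for err in log.lines().filter_map(handshake_error) {
        *counts.entry(err.to_string()).or_insert(0) += 1;
    }
    counts
}

fn main() {
    for (err, n) in triage(SAMPLE) {
        println!("{:>3} x {}: {}", n, err, hint(&err));
    }
}
```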