13
Android 애플리케이션에서 .json 요청 및 응답 데이터를 디버깅하도록 로컬 HTTP 프록시를 설정했습니다. 명령 행 옵션 -http-proxy http://localhost:8888을 사용하여 Android 4.2.2를 실행하는 Nexus One 에뮬레이터 이미지에 배치합니다. ADT Build : v21.1.0-569685를 사용하고 있습니다. 나는 HTTP 프록시 내가 끝내 사용하여 실행 다음 코드와 HTTPS 연결을 처리 할 수 있는지 확인할 수 있습니다Android 에뮬레이터 http 프록시 SSL 핸드 셰이크 오류
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
FileInputStream fis =
new FileInputStream("./.mitmproxy/mitmproxy-ca-cert.pem");
BufferedInputStream bis = new BufferedInputStream(fis);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null,"".toCharArray());
while (bis.available() > 0)
{
Certificate cert = cf.generateCertificate(bis);
ks.setCertificateEntry("mitmproxy", cert);
System.out.println(cert.toString());
}
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory sslFactory = ctx.getSocketFactory();
try
{
String url = "https://www.openssl.org/";
Proxy proxy =
new Proxy(
Proxy.Type.HTTP,
new InetSocketAddress("127.0.0.1", 8888));
HttpsURLConnection conn =
(HttpsURLConnection) new URL(url).openConnection(proxy);
conn.setSSLSocketFactory(sslFactory);
String s =
new Scanner(
conn.getInputStream(),
"UTF-8").useDelimiter("\\A").next();
System.out.println(s);
}
catch (Exception e)
{
e.printStackTrace();
}
이 조각, 그냥 벌금 HTTPS 자원을 가져 오는 요청 및 암호화되지 않은 응답을 기록하고 아름답게 작동합니다. 프록시는 HTTPS 리소스를 프록시로 사용하도록 구성된 브라우저에서 HTTPS 리소스에 액세스 할 때도 작동하므로 문제는 프록시와 관련이 없다고 확신합니다. 인증서를 기반으로, 내가 mitmproxy를 사용하고 있다고 말할 수 있지만이 코드는 OWASP ZAP 프록시에서도 작동합니다. 안드로이드 측면에서
127.0.0.1:56210: connect
127.0.0.1:56210: 400: SSL handshake error: (-1, 'Unexpected EOF')
127.0.0.1:56210: disconnect
-> handled 0 requests
, 다음과 같은 예외 :하지만 중 하나를 프록시, 안드로이드 이미지에 해당하는 CA 루트 인증서를 설치 한 후, HTTPS 이미지의 요청은 다음과 같은 이벤트가 mitmproxy 이벤트 로그에 기록되는 실패 던졌습니다 :
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): Network error
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x2a180890: Failure in SSL library, usually a protocol error
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x45dc2ba8:0x00000000)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:420)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:219)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:480)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:444)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:294)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:244)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:286)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:181)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:273)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.network.HttpUrlConnectionClient.send(HttpUrlConnectionClient.java:178)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.network.AppClient.send(AppClient.java:212)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.network.MsiClient.send(MsiClient.java:87)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.services.SimpleService.runService(SimpleService.java:134)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.task.InitTask.doInBackground(InitTask.java:84)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.task.InitTask.doInBackground(InitTask.java:1)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at android.os.AsyncTask$2.call(AsyncTask.java:287)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at java.util.concurrent.FutureTask.run(FutureTask.java:234)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at java.lang.Thread.run(Thread.java:856)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x2a180890: Failure in SSL library, usually a protocol error
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x45dc2ba8:0x00000000)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:378)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): ... 20 more
다른 HTTP 요청이 기록되고 예상대로 기록됩니다. HTTP 프록시를 사용하여 SSL 핸드 셰이크를 성공적으로 완료하기 위해 Android 이미지의 SSL 설정에서 누락 된 사항은 무엇입니까?
답변을 찾았습니까? Android 2.3.3에서도 같은 문제가 발생합니다. 나는 [이 방법] (http://varutra.com/blog/?p=69)에 의해 에뮬레이터 이미지에 인증서를 설치했지만 400 오류가 계속 발생합니다. – jab