Cannot establish TLS with client (sni: beacons5.gvt3.com): TlsException("(-1, 'Unexpected EOF')",)

Question

Cannot establish TLS with client (sni: beacons5.gvt3.com): TlsException("(-1, 'Unexpected EOF')",)

gratzz opened this issue 7 years ago · comments

Hello,

Using the mitmproxy docker container and using a specific application I get these unexpected EOF.
The unfortunate part is I don't have control of the application.
I have imported the certificate and can browse with common browsers.
I can use wget and get the same link that I need to work.

Furthermore I redirect a stream to a server and I see the process complete successfully on that server. So I know that the client request hits mitm, sends the right data then mitm reaches out to the server pulls the data gets a 200 then the application or something pukes on the return trip. It is possible that the returned data is malformed but wget works fine and returned data is not malformed.

I installed it with this.
sudo docker pull mitmproxy/mitmproxy

I have run it many ways finally ending up with:
sudo docker -D run -v /home/ec2-user/gdev/misc-scripts/mitmproxy:/scripts -p 48080:8080 mitmproxy/mitmproxy mitmdump --ssl-version-client TLSv1_2 --ssl-version-server TLSv1_2 --insecure --anticache -s /scripts/httpproxy.py

The httpproxy.py looks for a every specific thing. So for the most part it rarely fires.

    if not flow.request.url[-3:] == 'qvt':
        return
    else:
        debug = True
    resp = str(flow.response.content, 'utf-8')
    data = json.loads(resp) etc...

Here are the errors I see.
174.52.2.243:51503: CONNECT beacons5.gvt3.com:443
<< Cannot establish TLS with client (sni: beacons5.gvt3.com): TlsException("(-1, 'Unexpected EOF')",)
174.52.2.243:51503: clientdisconnect
174.52.2.243:51508: clientconnect
174.52.2.243:51508: CONNECT clients4.google.com:443
<< Cannot establish TLS with client (sni: clients4.google.com): TlsException("(-1, 'Unexpected EOF')",)
174.52.2.243:51508: clientdisconnect
174.52.2.243:51509: clientconnect
174.52.2.243:51509: CONNECT discourse.mitmproxy.org:443
<< Cannot establish TLS with client (sni: discourse.mitmproxy.org): TlsException("(-1, 'Unexpected EOF')",)

I have attached a pcap with what I think is the client and server side of the failed connection if it helps.
brokensession.zip

Any help or suggestions would be appreciated the only thing I can find on the internet with the same error referenced openssl and was specific to safari.

George · Answer 1 · Thu Aug 24 2017 01:57:34 GMT+0800 (China Standard Time)

Oh side note the pcap was taken at the docker host with a tcpdump -i any so there is some duplication as the packet moves from the vm to the docker container the 172.17.0.3 is the docker container
The application I'm trying to redirect is the sling tv application running on windows 10 pro

Maximilian Hils · Answer 2 · Thu Aug 24 2017 02:39:44 GMT+0800 (China Standard Time)

Hi,

if it works with other applications than your specific one, this looks like your specific application does not consider mitmproxy's CA certificate as trusted. This is not a mitmproxy bug and we can't do anything about this.