get ssl error #600

Open
leetomlee123 opened this issue Dec 25, 2024 · 8 comments

@leetomlee123

```
2024/12/25 15:11:20 [007] INFO: on 0th handler: &{2 0x1220e00} 47.243.34.160:80
2024/12/25 15:11:20 [007] INFO: Assuming CONNECT is TLS, mitm proxying it
2024/12/25 15:11:20 [007] INFO: signing for 47.243.34.160

2024/12/25 15:11:20 [007] WARN: Cannot handshake client 47.243.34.160:80 tls: first record does not look like a TLS handshake
```

Data stream: Android VpnService -> tun2proxy -> goproxy

Error forwarding HTTP request to HTTPS request.

How to fix it?

@ErikPelli
Collaborator

ErikPelli commented Dec 25, 2024

There are so many middle services that it's hard to follow.
By the way, I assume you are currently indirectly using the MitmConnect action, through goproxy.AlwaysMitm.
You have to add a different handler for port 80 (HTTP) to use the HTTPMitmConnect, for normal HTTP data.

In goproxy, HTTP MITM and HTTPS MITM are separate.

@leetomlee123
Author

leetomlee123 commented Dec 26, 2024

```go
customCaMitm := &goproxy.ConnectAction{Action: goproxy.ConnectMitm, TLSConfig: goproxy.TLSConfigFromCA(cert)}
customCaMitmHttp := &goproxy.ConnectAction{Action: goproxy.ConnectHTTPMitm, TLSConfig: goproxy.TLSConfigFromCA(cert)}

var customAlwaysMitm goproxy.FuncHttpsHandler = func(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string) {
	if ctx.Req.Method == "CONNECT" {
		// CONNECT request, i.e. HTTPS proxying
		log.Printf("HTTPS CONNECT request intercepted: %s", host)
		return customCaMitm, host // use MITM
	} else {
		// Non-CONNECT request, i.e. an HTTP request
		log.Printf("HTTP request intercepted: %s, Method: %s", host, ctx.Req.Method)
		return customCaMitmHttp, host // do not use MITM
	}
}
proxy := goproxy.NewProxyHttpServer()
proxy.Verbose = true
proxy.CertStore = NewCertStorage()
proxy.OnRequest().HandleConnect(customAlwaysMitm)
```

This is my code. It cannot get HTTPS. Is the code right? Help.

@leetomlee123

This comment was marked as outdated.

@ErikPelli
Collaborator

If this problem happens only when using this project, I would analyze what it does and log the information about every single request.
I have no clue if they rewrite the port or what, I've never used it.
Also, your check doesn't seem to have any meaning: if you're inside handleConnect, the method is always CONNECT.
I think that your problem is that you're using a CONNECT proxy for a normal HTTP request; you need to investigate this.

@leetomlee123
Author

```go
customCaMitm := &goproxy.ConnectAction{Action: goproxy.ConnectMitm, TLSConfig: goproxy.TLSConfigFromCA(cert)}
// customCaMitmHttp := &goproxy.ConnectAction{Action: goproxy.ConnectHTTPMitm, TLSConfig: goproxy.TLSConfigFromCA(cert)}

var customAlwaysMitm goproxy.FuncHttpsHandler = func(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string) {
	return customCaMitm, host // use MITM
}

proxy := goproxy.NewProxyHttpServer()
proxy.Verbose = true
proxy.CertStore = NewCertStorage()
proxy.OnRequest().HandleConnect(customAlwaysMitm)
```

That's my new code. HTTPS requests are OK, but HTTP requests failed. How to resolve it?


@leetomlee123
Author

As mentioned above, I use the tun2proxy library to forward all traffic to goproxy, but goproxy doesn't seem to be able to distinguish between http/https requests and processes them all as https. This error occurs. Can you tell me how to configure it to handle it correctly?

@leetomlee123
Author

I may have found the problem. tun2proxy is a VPN that will establish a connect tunnel between proxy servers to forward all traffic. So goproxy receives only connect requests, which leads to misjudgment and treats http as https.

@ErikPelli
Collaborator

> I may have found the problem. tun2proxy is a VPN that will establish a connect tunnel between proxy servers to forward all traffic. So goproxy receives only connect requests, which leads to misjudgment and treats http as https.

Yes, this is what I told you in the last message.
You have to distinguish ConnectHTTPMitm and TLS MITM by yourself, maybe using the port.
The first is for HTTP, the latter for HTTPS.

If you use TLS for HTTP, obviously it doesn't work...
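
The distinction discussed in this thread, as an added example that is not part of the original conversation and is not goproxy's own code. It goes beyond the port suggestion by also peeking at the first tunnel bytes for a TLS record header; the `Action` type, `ByPort` and `Classify` are hypothetical stand-ins, and wiring the result into a goproxy handler is not shown.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// Action stands in for the goproxy constants named in the thread; a real
// HandleConnect handler would return a *goproxy.ConnectAction instead.
type Action string

const (
	TLSMitm  Action = "ConnectMitm"     // tunnel carries TLS (HTTPS)
	HTTPMitm Action = "ConnectHTTPMitm" // tunnel carries plaintext HTTP
)

// ByPort decides from the CONNECT target alone, as suggested in the thread.
func ByPort(target string) Action {
	if _, port, err := net.SplitHostPort(target); err == nil && port == "80" {
		return HTTPMitm
	}
	return TLSMitm
}

// Classify peeks at the first tunnel bytes without consuming them. A TLS
// handshake record starts with type 0x16 and major version 0x03. If nothing
// can be read, it falls back to the port.
func Classify(target string, tunnel *bufio.Reader) Action {
	hdr, err := tunnel.Peek(2)
	if err != nil {
		return ByPort(target)
	}
	if hdr[0] == 0x16 && hdr[1] == 0x03 {
		return TLSMitm
	}
	return HTTPMitm
}

func main() {
	// Constructed sample: the target from the log, carrying plaintext HTTP.
	plain := bufio.NewReader(strings.NewReader("GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"))
	fmt.Println(Classify("47.243.34.160:80", plain))
	// Constructed sample: start of a TLS handshake record on a non-standard port.
	hello := bufio.NewReader(strings.NewReader("\x16\x03\x01\x02\x00\x01"))
	fmt.Println(Classify("example.test:8443", hello))
}
```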
