Hijack HTTPS over TLS 1.2 without Charles Proxy

TLS 1.2

Charles Proxy 3.9 uses bouncycastle 1.4 for SSL/TLS, but TLS 1.2 is not yet supported in bcprov’s latest release (1.51); that’s why I got a

on some sites.

I tried to upgrade bcprov.jar, but some incompatibility exceptions were thrown.
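As an added illustration (not code from the original post): the protocol_version error is a fatal TLS alert that a server sends when it rejects the protocol version a client offers. The Python below classifies the first record of a server's reply as either that alert or a ServerHello and reports the version chosen; both sample records are constructed, and the function and constant names are assumptions of this example.

```python
import struct

# TLS record content types, handshake type and alert codes (RFC 5246).
ALERT, HANDSHAKE, SERVER_HELLO = 21, 22, 2
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version"}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0",
            0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

# Constructed sample: fatal (level 2) alert 70 inside a TLS 1.0 record.
SAMPLE_ALERT = bytes.fromhex("15030100020246")
# Constructed sample: minimal ServerHello choosing TLS 1.2, all-zero random,
# empty session id, cipher suite 0xC02F, null compression, no extensions.
SAMPLE_SERVER_HELLO = (bytes.fromhex("160303002a" "02000026" "0303")
                       + bytes(32) + bytes.fromhex("00c02f00"))


def classify_server_reply(data: bytes) -> dict:
    """Classify the first TLS record a server returns after a ClientHello."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _record_version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated TLS record body")
    if ctype == ALERT:
        if length != 2:
            raise ValueError("malformed alert")
        level, code = body
        return {"kind": "alert", "fatal": level == 2,
                "description": ALERT_NAMES.get(code, str(code))}
    if ctype == HANDSHAKE and length >= 6 and body[0] == SERVER_HELLO:
        # Handshake header is type (1 byte) + length (3 bytes); the
        # server_version field follows. Valid for TLS 1.2 and earlier.
        (chosen,) = struct.unpack("!H", body[4:6])
        return {"kind": "server_hello",
                "version": VERSIONS.get(chosen, hex(chosen))}
    raise ValueError("not an alert or ServerHello record")


if __name__ == "__main__":
    for sample in (SAMPLE_ALERT, SAMPLE_SERVER_HELLO):
        print(classify_server_reply(sample))
```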

To check if a https site uses TLSv1.2:


Examples:

Hijack Cascade

For the sites I want to hijack, like cascade-quest-prod.parseapp.com, I chose to set up an nginx proxy and sign my own certificates.

BigFish’s Cascade is a boring match-3 game; its save file is neither plain text nor a known database file, but it offers a chance to win one prize every day.
The API on https://cascade-quest-prod.parseapp.com requires an Internet connection, and Charles Proxy is the best choice for analyzing it.
But as I said above, the protocol_version error occurs.
The idea for solving the problem is to set up a proxy using nginx, as I mentioned above.
So I created a CA, installed the certs on my iPhone, then signed a cert for *.parseapp.com, and got an nginx server set up.
An empty nginx server would be enough for the request URLs. For more, like HTTP headers, I coded a simple PHP script that logs requests.
To make the app work, I added a reverse proxy to (I tested) port 80.

nginx conf

proxy.php

DNSMASQ

Hijack HTTPS over TLS 1.2 without Charles Proxy by @sskaje: https://sskaje.me/2014/09/charles-proxy-tls-1-2/
