Inspect the network traffic between you and your connection target

Managed by | Updated .

Warning

This article describes how to intentionally insert making a security vulnerability for debugging purposes this should not be done within any production environment.

Occasionally when writing a Groovy script you might like to inspect the network traffic between you and your connection target.

To do this, you need to run a tool such as mitmproxy, on a given port, like so:

Terminal - Run mitmproxy
$ mitmproxy -p 8085

This tells to your script to use the proxy running on localhost on port 8085 for both http and https traffic.

However, since https is designed to be impervious to this kind of eavesdropping, you'll soon get the following exception in your logs.

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.restfb.DefaultWebRequestor.execute(DefaultWebRequestor.java:357)
    at com.restfb.DefaultWebRequestor.executeGet(DefaultWebRequestor.java:93)
    at com.restfb.DefaultFacebookClient$3.makeRequest(DefaultFacebookClient.java:1007)
    at com.restfb.DefaultFacebookClient.makeRequestAndProcessResponse(DefaultFacebookClient.java:1068)
    ... 5 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ... 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ... 9 more

In order to get around this, you'll need to break the security a little bit in your Groovy script.

  1. Import the SSL libraries
  2. Make a "Trust Manager" which is bad at security
  3. Instantiate and register the Trust Manager
  4. Tell the Groovy to send its traffic via mitmproxy
  5. Include the rest of your script.
//1. import ssl libs
import javax.net.ssl.*;

//2. make a trust manager
class CrappyTrustManager implements X509TrustManager {
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
    public void checkClientTrusted(
        X509Certificate[] certs, String authType) {
    }
    public void checkServerTrusted(
        X509Certificate[] certs, String authType) {
    }
}

//3. Instantiate and register the Trust Manager
TrustManager[] trustAllCerts = [new CrappyTrustManager()].toArray();
try {
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
    System.err.println("Problem registering trust manager:");
    System.err.println(e.getMessage());
}

//4. Tell the Groovy to send its traffic via mitmproxy
System.setProperty("http.proxyHost", "127.0.0.1");
System.setProperty("http.proxyPort", "8085");
System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("https.proxyPort", "8085");

/* 5. The rest of your script */
Info

Java accepts an Array of TrustManager, but in Groovy we instantiate it as an ArrayList, so we use toArray() to bridge the gap

Was this artcle helpful?

Comments