Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Xray-core "MitM" requires a certificate to run #4336

Open
patterniha opened this issue Feb 11, 2025 · 4 comments
Open

Xray-core "MitM" requires a certificate to run #4336

patterniha opened this issue Feb 11, 2025 · 4 comments

Comments

@patterniha
Copy link

patterniha commented Feb 11, 2025
edited
Loading

XRay-core will unveil MitM in next version (MitM + Domain Fronting).

the users need to create and import a self-signed-certificate into the config:

"certificates": [
            {
              "usage": "issue",
              "certificateFile": "mycert.crt",
              "keyFile": "mycert.key"
            }
]

so like geo-asset-files we need a section in v2rayNG to import the user certificate and its private-key.

///

also, Xray-core can generate self-signed-certificate with xray tls cert -ca -file=mycert command,

this command generate a certificate and its private-key and saves them in: mycert.crt and mycert.key

in addition, the users need to import mycert.crt into the android-system,

So In addition to the ability to Import the existing user certificate, v2rayNG must be able to generate and export a new certificate.
@patterniha patterniha changed the title Xray-core MitM requires a certificate to run Xray-core "MitM" requires a certificate to run Feb 11, 2025
@patterniha
Copy link
Author

patterniha commented Feb 20, 2025
edited
Loading

@Fangliding

why dislike?

If v2rayNG is not able to generate a certificate, then most of the users will use the ready-made certificate posted on youtube,...
and then anyone can insert their own certificate into the victim's device and perform criminal acts.

@patterniha
Copy link
Author

patterniha commented Feb 26, 2025
edited
Loading

@2dust
Three days have passed since the MitM-examples were released and unfortunately v2rayng still does not have support for MitM well and you cannot generate a new certificate nor does it accept the certificate from a file and the user has to enter it as string, so it will be very difficult for a normal user to use MitM.

@patterniha patterniha mentioned this issue Feb 26, 2025
Closed
@UjuiUjuMandan
Copy link
Contributor

UjuiUjuMandan commented Mar 10, 2025
edited
Loading

MITM on Android is not so ideal since most applications won't trust the installed certificate in user CA storage, but iOS does trust, BTW.

For trusting, either the app opts in, by adding <certificates src="user"/> to its network security config, as most web browsers do, or the user gets root permission (not so normal) and moves or copies the user CA to system storage.

@patterniha
Copy link
Author

patterniha commented Mar 10, 2025
edited
Loading

@UjuiUjuMandan

Yes, I mentioned this in https://github.com/XTLS/Xray-examples/blob/main/Serverless-for-Iran/README.md

Anyway, I hope this restriction will be removed in the future.

at least, i think "geo asset files" should be renamed to "geo and certificate asset files" and v2rayNG supports importing certificates.

Currently, the only way to import a certificate is "string", which is not convenient at all.

(Although, users still can't generate certificate on android)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@patterniha @UjuiUjuMandan