I try use HTTP Toolkit to trace a app in android, the firsts request are correctly but when I try login the request return the next information:
This request was not forwarded successfully
The upstream server failed to complete a TLS handshake, so HTTP Toolkit did not forward the request.
This could be caused by the server not supporting modern cipher standards or TLS versions, requiring a client certificate that hasn't been provided, or other TLS configuration issues.
Pro users can relax HTTPS requirements for configured hosts to accept older TLS versions and self-signed/invalid certificates, and configure per-host client certificates for authentication.
And the response of the request is:
The connection failed before a response could be completed with error:
Upstream connection error: write EPROTO 9860:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:c:\ws\deps\openssl\openssl\ssl\record\rec_layer_s3.c:1546:SSL alert number 42
Do I need a upload a SSL certificate in HTTP Toolkit to this work correctly?
Actually I use a virtual device created in Android Studio and this is rooted to grant the permissions of CA certificate on the phone.
I need a solution for this case to continue with my analysis.
HTTP Toolkit's message there means that the upstream server TLS connection failed, with some generic TLS error.
In the details, the specific OpenSSL error
sslv3 alert bad certificate ... alert number 42, message shown implies that this was because a client certificate was required, and wasn't received by the server (more details here: https://serverfault.com/questions/806141/is-the-alert-ssl3-read-bytessslv3-alert-bad-certificate-indicating-that-the-s).This usually means that the server requires the client (in proxying cases like this, that means HTTP Toolkit, not the app) to send a TLS client certificate when it connects. You'll need to configure that client certificate in HTTP Toolkit's Settings to do this, which requires HTTP Toolkit Pro. To actually add this you'll need the client certificate itself - in most cases like this on Android that will be embedded in the app you're intercepting, and so you'll need to extract it somehow from the app first.