MITM false positive for iOS 13 Safari

[analogist]

I believe Safari under the newly released iOS 13.x are triggering mitm.watch false positives. This was seen in iOS 13.0, 13.1, and 13.1.1.

Unmodified User String

Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.1 Mobile/15E148 Safari/604.1

Browser version, OS

Safari 13.0.1 on iOS 13.1.1

Raw ClientHello

Hexdump

0000  16 03 01 02 00 01 00 01  fc 03 03 6f 20 ab 63 c1   ........ ...o .c.
0010  c9 4e ba d9 f7 fa 10 d7  dc 40 9b 97 57 d2 6a ed   .N...... [email protected].
0020  79 13 fd dc dc 79 5d c7  24 01 65 20 b7 3b f6 ab   y....y]. $.e .;..
0030  c6 33 cf 94 09 e0 14 d5  38 c5 98 c0 85 15 c6 de   .3...... 8.......
0040  8e 6c cd f7 20 d0 41 b7  86 01 55 84 00 34 13 01   .l.. .A. ..U..4..
0050  13 02 13 03 c0 2c c0 2b  c0 24 c0 23 c0 0a c0 09   .....,.+ .$.#....
0060  cc a9 c0 30 c0 2f c0 28  c0 27 c0 14 c0 13 cc a8   ...0./.( .'......
0070  00 9d 00 9c 00 3d 00 3c  00 35 00 2f c0 08 c0 12   .....=.< .5./....
0080  00 0a 01 00 01 7f ff 01  00 01 00 00 17 00 00 00   ........ ........
0090  0d 00 18 00 16 04 03 08  04 04 01 05 03 02 03 08   ........ ........
00A0  05 08 05 05 01 08 06 06  01 02 01 00 05 00 05 01   ........ ........
00B0  00 00 00 00 00 12 00 00  00 10 00 0e 00 0c 02 68   ........ .......h
00C0  32 08 68 74 74 70 2f 31  2e 31 00 0b 00 02 01 00   2.http/1 .1......
00D0  00 33 00 26 00 24 00 1d  00 20 47 e4 d5 b8 1a 8c   .3.&.$.. . G.....
00E0  0c 7e 47 8d 6c c3 f6 c9  e1 95 5f b7 06 d8 8f 81   .~G.l... .._.....
00F0  7e 98 c7 bd 24 e1 79 70  31 46 00 2d 00 02 01 01   ~...$.yp 1F.-....
0100  00 2b 00 09 08 03 04 03  03 03 02 03 01 00 0a 00   .+...... ........
0110  0a 00 08 00 1d 00 17 00  18 00 19 00 15 00 e6 00   ........ ........
0120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0130  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0140  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0150  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0160  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0190  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
01A0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
01B0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
01C0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
01D0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
01E0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
01F0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0200  00 00 00 00 00                                     .....

raw binascii

1603010200010001fc03036f20ab63c1c94ebad9f7fa10d7dc409b9757d26aed7913fddcdc795dc724016520b73bf6abc633cf9409e014d538c598c08515c6de8e6ccdf720d041b7860155840034130113021303c02cc02bc024c023c00ac009cca9c030c02fc028c027c014c013cca8009d009c003d003c0035002fc008c012000a0100017fff
0100010000170000000d0018001604030804040105030203080508050501080606010201000500050100000000001200000010000e000c02683208687474702f312e31000b00020100003300260024001d002047e4d5b81a8c0c7e478d6cc3f6c9e1955fb706d88f817e98c7bd24e179703146002d00020101002b000908030403030302030100
0a000a0008001d001700180019001500e600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Wireshark parse

Secure Sockets Layer
    TLSv1.2 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 512
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 508
            Version: TLS 1.2 (0x0303)
            Random: 6f20ab63c1c94ebad9f7fa10d7dc409b9757d26aed7913fd...
                GMT Unix Time: Jan 29, 2029 12:13:23.000000000 PST
                Random Bytes: c1c94ebad9f7fa10d7dc409b9757d26aed7913fddcdc795d...
            Session ID Length: 32
            Session ID: b73bf6abc633cf9409e014d538c598c08515c6de8e6ccdf7...
            Cipher Suites Length: 52
            Cipher Suites (26 suites)
                Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
            Compression Methods Length: 1
            Compression Methods (1 method)
                Compression Method: null (0)
            Extensions Length: 383
            Extension: renegotiation_info (len=1)
                Type: renegotiation_info (65281)
                Length: 1
                Renegotiation Info extension
                    Renegotiation info extension length: 0
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            Extension: signature_algorithms (len=24)
                Type: signature_algorithms (13)
                Length: 24
                Signature Hash Algorithms Length: 22
                Signature Hash Algorithms (11 algorithms)
                    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (4)
                    Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Algorithm: ecdsa_sha1 (0x0203)
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (5)
                    Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (5)
                    Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (6)
                    Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
                        Signature Hash Algorithm Hash: SHA1 (2)
                        Signature Hash Algorithm Signature: RSA (1)
            Extension: status_request (len=5)
                Type: status_request (5)
                Length: 5
                Certificate Status Type: OCSP (1)
                Responder ID list Length: 0
                Request Extensions Length: 0
            Extension: signed_certificate_timestamp (len=0)
                Type: signed_certificate_timestamp (18)
                Length: 0
            Extension: application_layer_protocol_negotiation (len=14)
                Type: application_layer_protocol_negotiation (16)
                Length: 14
                ALPN Extension Length: 12
                ALPN Protocol
                    ALPN string length: 2
                    ALPN Next Protocol: h2
                    ALPN string length: 8
                    ALPN Next Protocol: http/1.1
            Extension: ec_point_formats (len=2)
                Type: ec_point_formats (11)
                Length: 2
                EC point formats Length: 1
                Elliptic curves point formats (1)
                    EC point format: uncompressed (0)
            Extension: key_share (len=38)
                Type: key_share (51)
                Length: 38
                Key Share extension
                    Client Key Share Length: 36
                    Key Share Entry: Group: x25519, Key Exchange length: 32
                        Group: x25519 (29)
                        Key Exchange Length: 32
                        Key Exchange: 47e4d5b81a8c0c7e478d6cc3f6c9e1955fb706d88f817e98...
            Extension: psk_key_exchange_modes (len=2)
                Type: psk_key_exchange_modes (45)
                Length: 2
                PSK Key Exchange Modes Length: 1
                PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
            Extension: supported_versions (len=9)
                Type: supported_versions (43)
                Length: 9
                Supported Versions length: 8
                Supported Version: TLS 1.3 (0x0304)
                Supported Version: TLS 1.2 (0x0303)
                Supported Version: TLS 1.1 (0x0302)
                Supported Version: TLS 1.0 (0x0301)
            Extension: supported_groups (len=10)
                Type: supported_groups (10)
                Length: 10
                Supported Groups List Length: 8
                Supported Groups (4 groups)
                    Supported Group: x25519 (0x001d)
                    Supported Group: secp256r1 (0x0017)
                    Supported Group: secp384r1 (0x0018)
                    Supported Group: secp521r1 (0x0019)
            Extension: padding (len=230)
                Type: padding (21)
                Length: 230
                Padding Data: 000000000000000000000000000000000000000000000000...

[hazcod]

Can confirm this happens too when using iOS13.1/Safari, even via Cloudflare WARP.

[mholt]

Thanks, this is a great false positive report. We're probably going to replace our detection logic with Cloudflare's library, which will be better in the long run.

[hazcod]

@analogist can you perhaps test with https://github.com/cloudflare/mitmengine ?

[francislavoie]

Closing in favour of #2530, we no longer maintain MITM detection in Caddy as of v2, but it may later come back via using the cloudflare lib.