
Support https for scraper api #62

Open
galmok opened this issue Jul 25, 2019 · 3 comments

Comments

@galmok

galmok commented Jul 25, 2019

I have gotten most of it up and running, but I am concerned about the seeming lack of HTTPS support for the communication between the Android app and the tesla api scraper. HTTP makes it very easy to sniff out the API key...

So, could we get support for HTTPS? :)

@galmok
Author

galmok commented Jul 25, 2019

I have added a certificate and made apiscraper.py load it (only 2 lines of code change), but the Android App refuses to talk to the server. I have verified that the certificate indeed is loaded and working, but as it is a self-signed certificate, the Android App flat out refuses it. I even loaded the certificate into the certificate store in the phone, but it won't work. Browsers also warn about the certificate, but let me bypass the warning.

I tested the webserver using https://www.digicert.com/help/ and it reports everything is OK, except there is no CA (which self-signed certificates do not have).

Could you expand on the app and either let all self-signed certificates pass (not a great idea, but better than what we have now) or only let the certificate with the correct thumb-print pass? Or check if the certificate is loaded into the phone's certificate store, in which case the app accepts it (I prefer this solution).

The change I made is this:

bme@bme-Virtual-Machine:~/tesla-apiscraper$ diff apiscraper.original.py apiscraper.py
27a28
> import ssl
391a393
>         self.socket = ssl.wrap_socket(self.socket, certfile='certificate.pem', keyfile='private.pem', server_side=True)
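Review bot: the `ssl.wrap_socket()` helper used in the second hunk is the module-level function that Python deprecated in 3.7 and removed in 3.12, so this line will stop working on current interpreters. Prefer an explicit context with the same effect: `ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)`, `ctx.load_cert_chain('certificate.pem', 'private.pem')`, `self.socket = ctx.wrap_socket(self.socket, server_side=True)`. Also note that the two relative paths resolve against the working directory the scraper is launched from, not the script's location, so start-up fails with FileNotFoundError from any other directory; making them configurable or absolute avoids that, and `private.pem` should be readable only by the user running the scraper.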

And I created the PEM files like this:

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout private.pem -out certificate.pem

I filled out the country code and the common name (with the common name equal to my FQDN).

I converted to CRT (for Android) this way:

openssl x509 -inform PEM -outform DER -in certificate.pem -out certificate.crt
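The two halves this comment asks for, as an added example that is not code from the project or from the commenter: the server side wrapped with an ssl.SSLContext (the current form of the two-line change above) and a client that accepts only the certificate whose SHA-256 thumbprint it was given, checked before any request carrying the API key is sent. It generates the self-signed pair with the same openssl invocation as above (made non-interactive with -subj) and assumes openssl is on PATH; the names make_self_signed, serve_https and fetch_pinned are hypothetical.

```python
import hashlib, os, socket, ssl, subprocess, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_self_signed(dirpath, cn="localhost"):
    """Same openssl invocation as in the thread, made non-interactive with -subj (assumes openssl on PATH)."""
    cert, key = os.path.join(dirpath, "certificate.pem"), os.path.join(dirpath, "private.pem")
    subprocess.run(["openssl", "req", "-newkey", "rsa:2048", "-new", "-nodes", "-x509",
                    "-days", "3650", "-subj", f"/C=DK/CN={cn}", "-keyout", key, "-out", cert],
                   check=True, capture_output=True)
    return cert, key

def sha256_fingerprint(der_cert):
    """Hex SHA-256 of the DER certificate: the same digits `openssl x509 -fingerprint -sha256` prints."""
    return hashlib.sha256(der_cert).hexdigest()

def expected_fingerprint(certfile):
    """The pin to ship in the client, derived from certificate.pem."""
    with open(certfile) as f:
        return sha256_fingerprint(ssl.PEM_cert_to_DER_cert(f.read()))

def serve_https(certfile, keyfile):
    """Server side: an explicit SSLContext instead of the deprecated ssl.wrap_socket(), same idea as the diff."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200); self.end_headers(); self.wfile.write(b"ok")
        def log_message(self, *args): pass  # keep the example quiet
    httpd = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: the OS picks a free port
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd

def fetch_pinned(host, port, pinned_fp):
    """Client side: accept exactly one certificate (by SHA-256 pin) rather than any self-signed one.
    Chain validation is switched off only because the pin check replaces it, and the pin is
    verified before any application data (such as the API key) goes over the connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode may become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port)) as raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
        seen = sha256_fingerprint(tls.getpeercert(binary_form=True))
        if seen != pinned_fp:
            raise ssl.SSLError(f"certificate pin mismatch: got {seen}")
        tls.sendall(b"GET / HTTP/1.0\r\nHost: scraper\r\n\r\n")
        chunks = []
        while chunk := tls.recv(4096):  # HTTP/1.0: the server closes after one response
            chunks.append(chunk)
        return b"".join(chunks)
```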

@galmok
Author

galmok commented Jul 25, 2019

The above certificates were probably not created correctly, but I have since tried two other guides, the latest being this:

https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/

and the app simply won't budge. It doesn't seem like it accepts my personal CA.

If anyone can make this work, please let us know in this thread. Security is kind of important. :)

@lephisto
Owner

It would be easier to put it behind a reverse proxy (nginx, apache, you name it). I didn't want to bring the complexity of SSL / Letsencrypt into this project, but if you feel like it, send a PR :)

Development

No branches or pull requests

2 participants