Mitmproxy: Proxy for SSL connections

Created on 9 Mar 2017 · 3 Comments · Source: mitmproxy/mitmproxy

I use mitmproxy to collect user-agent information from my network, thus the application works in monitoring mode without any additional rules. For HTTP it works as expected, but HTTPS traffic doesn't load on some pages due to security issues. Of course the client has the certificate from MITM.
And it's necessary to add the exception, but it's hard to do it every time for a new SSL host. I would be grateful for any advice on how to overcome this limitation for Firefox.

Here is mitmdump -v output:

127.0.0.1:55318: clientconnect
127.0.0.1:55318: request
  -> Request(CONNECT s3-ap-southeast-1.amazonaws.com:443)
127.0.0.1:55318: Set new server address: ('s3-ap-southeast-1.amazonaws.com', 443)
127.0.0.1:55318: Parsed Client Hello: sni=s3-ap-southeast-1.amazonaws.com, alpn=['h2', 'http/1.1']
127.0.0.1:55318: serverconnect
  -> s3-ap-southeast-1.amazonaws.com:443
127.0.0.1:55318: Establish TLS with server
127.0.0.1:55318: ALPN selected by server: 
127.0.0.1:55318: Establish TLS with client
127.0.0.1:55318: ALPN for client: http/1.1
127.0.0.1:55318: serverdisconnect
  -> s3-ap-southeast-1.amazonaws.com:443
**127.0.0.1:55318: Client Handshake failed. The client may not trust the proxy's certificate for s3-ap-southeast-1.amazonaws.com.**
127.0.0.1:55318: ClientHandshakeException('Cannot establish TLS with client (sni: s3-ap-southeast-1.amazonaws.com): TlsException("[(\'SSL routines\', \'ssl3_read_bytes\', \'tlsv1 alert unknown ca\')]",)',)
127.0.0.1:55318: clientdisconnect

All 3 comments

I've found the answer in the documentation. Sorry to bother.

I have the same issue and don't really understand what is going on. Mind linking the relevant docs page?

Where in the docs did you find the answer?
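
To see which hosts fail for the reason shown in the log above, the following added example (not part of the original thread and not mitmproxy's own code) parses `mitmdump -v` output and groups failed client handshakes by SNI and TLS alert. It separates the `unknown ca` alert, which means the client does not trust the CA that signed the proxy's certificate, from other alerts; the function names and the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the `mitmdump -v` output quoted in the post.
SAMPLE_LOG = r'''
127.0.0.1:55318: clientconnect
127.0.0.1:55318: Parsed Client Hello: sni=s3-ap-southeast-1.amazonaws.com, alpn=['h2', 'http/1.1']
127.0.0.1:55318: Client Handshake failed. The client may not trust the proxy's certificate for s3-ap-southeast-1.amazonaws.com.
127.0.0.1:55318: ClientHandshakeException('Cannot establish TLS with client (sni: s3-ap-southeast-1.amazonaws.com): TlsException("[(\'SSL routines\', \'ssl3_read_bytes\', \'tlsv1 alert unknown ca\')]",)',)
127.0.0.1:55318: clientdisconnect
127.0.0.1:55320: clientconnect
127.0.0.1:55320: Parsed Client Hello: sni=example.org, alpn=['http/1.1']
127.0.0.1:55320: clientdisconnect
127.0.0.1:55322: ClientHandshakeException('Cannot establish TLS with client (sni: api.example.net): TlsException("[(\'SSL routines\', \'ssl3_read_bytes\', \'sslv3 alert certificate unknown\')]",)',)
'''

SNI = re.compile(r"\(sni: ([^)]+)\)")
# OpenSSL reports the alert the client sent as "<proto> alert <description>".
ALERT = re.compile(r"(?:tlsv1|sslv3) alert ([a-z ]+)")


def handshake_failures(log_text):
    """Return {sni_host: {alert_description: count}} for failed client handshakes."""
    failures = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        # Count only the exception line, so the human-readable
        # "Client Handshake failed" line is not counted twice.
        if "ClientHandshakeException" not in line:
            continue
        sni = SNI.search(line)
        alert = ALERT.search(line)
        host = sni.group(1) if sni else "<no sni>"
        reason = alert.group(1).strip() if alert else "unparsed"
        failures[host][reason] += 1
    return {host: dict(reasons) for host, reasons in failures.items()}


def untrusted_ca_hosts(log_text):
    """Hosts whose client answered the proxy certificate with 'unknown ca'."""
    return sorted(h for h, r in handshake_failures(log_text).items()
                  if "unknown ca" in r)


if __name__ == "__main__":
    for host, reasons in handshake_failures(SAMPLE_LOG).items():
        print(host, reasons)
    print("client does not trust proxy CA for:", untrusted_ca_hosts(SAMPLE_LOG))
```

If every intercepted host appears under `unknown ca`, the proxy's CA is missing from the trust store that the client actually consults, rather than there being a problem with individual sites.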
