mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-27 10:26:23 +00:00
22 lines
918 B
HTML
22 lines
918 B
HTML
|
When mitmproxy receives a connection destined for an SSL-protected service, it
|
||
|
freezes the connection before reading its request data, and makes a connection
|
||
|
to the upstream server to "sniff" the contents of its SSL certificate. The
|
||
|
information gained - the __Common Name__ and __Subject Alternative Names__ - is
|
||
|
then used to generate the interception certificate, which is sent to the client
|
||
|
so the connection can continue.
|
||
|
|
||
|
This rather intricate little dance lets us seamlessly generate correct
|
||
|
certificates even if the client has specifed only an IP address rather than the
|
||
|
hostname. It also means that we don't need to sniff additional data to generate
|
||
|
certs in transparent mode.
|
||
|
|
||
|
Upstream cert sniffing is on by default, and can optionally be turned off.
|
||
|
|
||
|
<table class="table">
|
||
|
<tbody>
|
||
|
<tr>
|
||
|
<th width="20%">command-line</th> <td>--no-upstream-cert</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|