Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-26 10:16:27 +00:00
Code Issues Projects Releases Wiki Activity

Docs.

Browse Source
This commit is contained in:
Aldo Cortesi 2011-03-18 17:53:00 +13:00
parent e22fd74d06
commit 35a952ef3c
8 changed files with 43 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc-src/certinstall/firefox.html
View File

@ -1,13 +1,15 @@
### 1: Open preferences, click on "Advanced", then select"Encryption": ### 1. If needed, copy the ~/.mitmproxy/mitmproxy-ca-cert.pem file to the target.
### 2: Open preferences, click on "Advanced", then select"Encryption":
<img src="@!urlTo('firefox3.jpg')!@"/> <img src="@!urlTo('firefox3.jpg')!@"/>
### 2: Click "View Certificates", "Import", and select the certificate file: ### 3: Click "View Certificates", "Import", and select the certificate file:
<img src="@!urlTo('firefox3-import.jpg')!@"/> <img src="@!urlTo('firefox3-import.jpg')!@"/>
### 3: Tick "Trust this CS to identify web sites", and click "Ok": ### 4: Tick "Trust this CS to identify web sites", and click "Ok":
<img src="@!urlTo('firefox3-trust.jpg')!@"/> <img src="@!urlTo('firefox3-trust.jpg')!@"/>

6
doc-src/certinstall/osx.html
View File

@ -2,11 +2,7 @@
### 1: Open Finder, and double-click on the mitmproxy ca.pem file. ### 1: Open Finder, and double-click on the mitmproxy ca.pem file.
### 2: You will be prompted to add the certificate. Click "Add": ### 2: You will be prompted to add the certificate. Click "Always Trust":
<img src="@!urlTo('osx-addcert.png')!@"/>
### 3: Click "Always Trust":
<img src="@!urlTo('osx-addcert-alwaystrust.png')!@"/> <img src="@!urlTo('osx-addcert-alwaystrust.png')!@"/>

39
doc-src/certinstall/windows7.html
View File

@ -1,40 +1,19 @@
The Windows certificate manager expects a different certificate format from the These instructions were tested on Windows 7.
one used by mitmproxy. The easiest way to convert the cert to the appropriate
format is to use the Firefox web browser.
### 1: Copy the ~/.mitmproxy/mitmproxy-ca-cert.p12 file to the target system.
### 1: Make sure Firefox is installed on the system. ### 2: Double-click the certificate file. You should see a certificate import wizard:
### 2: Fire up mitmproxy on the interception host. <img src="@!urlTo('win7-wizard.png')!@"/>
### 3: Configure Firefox to use the mitmproxy interceptor.
### 4: Using Firefox, browse to an SSL-protected domain. You will see a warning:
### 5: Click "I understand the risks" and "Add Exception":
### 6: Click "Get certificate", "View", and switch to the "Details" tab:
### 7: Click "Export", and save the certificate in "X.509 Certificate (PEM)" format:
### 8: Next, start a command prompt, and type "certmgr" to start the Certificate Manager:
### 9: From the top menu, select "Action", "All tasks", and then "Import":
### 10: Click "Next", and browse to select the cert we just exported from Firefox:
### 11: Click "Next", and "Finish" to complete the import. Accept all warning prompts.
### 3: Click "Next" until you're prompted for the certificate store:
<img src="@!urlTo('win7-certstore.png')!@"/>
### 4: Select "Place all certificates in the following store, and select "Trusted Root Certification Authorities":
<img src="@!urlTo('win7-certstore-trustedroot.png')!@"/>
### 5: Click "Next" and "Finish".

BIN
doc-src/screenshots/osx-addcert.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 60 KiB

BIN
doc-src/screenshots/win7-certstore-trustedroot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 53 KiB

BIN
doc-src/screenshots/win7-certstore.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
doc-src/screenshots/win7-wizard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 84 KiB

37
doc-src/ssl.html
View File

@ -2,15 +2,34 @@
SSL SSL
=== ===
The first time __mitmproxy__ or __mitmdump__ is started, a dummy SSL The first time __mitmproxy__ or __mitmdump__ is started, the following set of
certificate authority is generated (the default location is certificate files for a dummy Certificate Authority are created in the config
~/.mitmproxy/ca.pem). This dummy CA is used to generate dummy certificates for directory (~/.mitmproxy by default):
SSL interception on-the-fly. Since your browser won't trust the __mitmproxy__
dummy CA out of the box (and rightly so), so you will see an SSL cert warning <table>
every time you visit a new SSL domain through __mitmproxy__. When you're <tr>
testing a single site, just accepting the bogus SSL cert manually is not too <td>mitmproxy-ca.pem</td>
much of a hassle, but there are a number of cases where you will want to <td>The private key and certificate in PEM format.</td>
configure your testing system or browser to trust __mitmproxy__: </tr>
<tr>
<td>mitmproxy-ca-cert.pem</td>
<td>Just the certificate in PEM format. Use this to distribute to most
non-Windows platforms.</td>
</tr>
<tr>
<td>mitmproxy-ca-cert.p12</td>
<td>Just the certificate in PKCS12 format. For use on Windows.</td>
</tr>
</table>
This dummy CA is used for on-the-fly generation of
dummy certificates for SSL interception. Since your browser won't trust the
__mitmproxy__ dummy CA out of the box (and rightly so), so you will see an SSL
cert warning every time you visit a new SSL domain through __mitmproxy__. When
you're testing a single site through a browser, just accepting the bogus SSL
cert manually is not too much of a hassle, but there are a number of cases
where you will want to configure your testing system or browser to trust the
__mitmproxy__ CA as a signing root authority:
- If you are testing non-browser software that checks SSL cert validiy. - If you are testing non-browser software that checks SSL cert validiy.
- You are testing an app that makes non-interactive (JSONP, script src, etc.) - You are testing an app that makes non-interactive (JSONP, script src, etc.)