Merge pull request #822 from ddworken/master

Added information on cert pinning (Fixes #689)
Maximilian Hils 2015-11-07 11:30:28 -08:00
commit 9298325ca5

@ -105,6 +105,16 @@ configure your testing system or browser to trust the mitmproxy CA as a
signing root authority. For security reasons, the mitmproxy CA is generated uniquely on the first signing root authority. For security reasons, the mitmproxy CA is generated uniquely on the first
start and is not shared between mitmproxy installations on different devices. start and is not shared between mitmproxy installations on different devices.
Some applications pin their SSL certificates in order to prevent MITM attacks.
This means that **mitmproxy** and **mitmdump's** certificates will not be
accepted by these applications. This is because when an application pins a
certificate it requires that SSL traffic is encrypted with a specific
certificate rather than any certificate that is signed by a trusted Certificate
Authority (CA). In order to work around this, it is recommended to use the
`Ignore Domains <http://docs.mitmproxy.org/en/stable/features/passthrough.html#ignore-domains>`_
feature in order to prevent **mitmproxy** and **mitmdump** from intercepting
traffic to these specific domains.
CA and cert files CA and cert files
----------------- -----------------
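
Review bot: The added sentence "it requires that SSL traffic is encrypted with a specific certificate" misdescribes pinning. The application compares the certificate (or public key) presented by the server against a value it already holds and rejects anything else, so nothing is "encrypted with" the pinned certificate. Suggest wording along the lines of "it accepts only a specific certificate rather than any certificate that is signed by a trusted Certificate Authority (CA)". Two smaller points in the same paragraph: "**mitmproxy** and **mitmdump's** certificates" mixes a bare name with a possessive, and the Ignore Domains link is a hard-coded absolute URL to the stable docs, where an internal cross-reference would keep working if the docs move. It would also help to say explicitly that traffic to ignored domains is then not intercepted at all, so it cannot be inspected.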