mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-29 11:03:13 +00:00
improve docs, fix #1290
This commit is contained in:
parent
b7430c0775
commit
ac860c6fc0
@ -10,7 +10,8 @@ mechanism:
|
|||||||
mitmproxy's interception leads to errors. For example, the Twitter app, Windows Update or
|
mitmproxy's interception leads to errors. For example, the Twitter app, Windows Update or
|
||||||
the Apple App Store fail to work if mitmproxy is active.
|
the Apple App Store fail to work if mitmproxy is active.
|
||||||
- **Convenience:** You really don't care about some parts of the traffic and just want them to go
|
- **Convenience:** You really don't care about some parts of the traffic and just want them to go
|
||||||
away.
|
away. Note that mitmproxy's "Limit" option is often the better alternative here, as it is
|
||||||
|
not affected by the limitations listed below.
|
||||||
|
|
||||||
If you want to peek into (SSL-protected) non-HTTP connections, check out the :ref:`tcpproxy`
|
If you want to peek into (SSL-protected) non-HTTP connections, check out the :ref:`tcpproxy`
|
||||||
feature.
|
feature.
|
||||||
@ -29,12 +30,15 @@ mitmproxy shortcut :kbd:`o` then :kbd:`I`
|
|||||||
mitmproxy allows you to specify a regex which is matched against a ``host:port`` string
|
mitmproxy allows you to specify a regex which is matched against a ``host:port`` string
|
||||||
(e.g. "example.com:443") to determine hosts that should be excluded.
|
(e.g. "example.com:443") to determine hosts that should be excluded.
|
||||||
|
|
||||||
|
Limitations
|
||||||
|
-----------
|
||||||
|
|
||||||
There are two important quirks to consider:
|
There are two important quirks to consider:
|
||||||
|
|
||||||
- **In transparent mode, the ignore pattern is matched against the IP and ClientHello SNI host.** While we usually infer the
|
- **In transparent mode, the ignore pattern is matched against the IP and ClientHello SNI host.** While we usually infer the
|
||||||
hostname from the Host header if the ``--host`` argument is passed to mitmproxy, we do not
|
hostname from the Host header if the ``--host`` argument is passed to mitmproxy, we do not
|
||||||
have access to this information before the SSL handshake. If the client uses SNI however, then we treat the SNI host as an ignore target.
|
have access to this information before the SSL handshake. If the client uses SNI however, then we treat the SNI host as an ignore target.
|
||||||
- In regular mode, explicit HTTP requests are never ignored. [#explicithttp]_ The ignore pattern is
|
- **In regular mode, explicit HTTP requests are never ignored.** [#explicithttp]_ The ignore pattern is
|
||||||
applied on CONNECT requests, which initiate HTTPS or clear-text WebSocket connections.
|
applied on CONNECT requests, which initiate HTTPS or clear-text WebSocket connections.
|
||||||
|
|
||||||
Tutorial
|
Tutorial
|
||||||
@ -86,6 +90,7 @@ Here are some other examples for ignore patterns:
|
|||||||
|
|
||||||
- :ref:`tcpproxy`
|
- :ref:`tcpproxy`
|
||||||
- :ref:`responsestreaming`
|
- :ref:`responsestreaming`
|
||||||
|
- mitmproxy's "Limit" feature
|
||||||
|
|
||||||
.. rubric:: Footnotes
|
.. rubric:: Footnotes
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user