Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-25 18:03:50 +00:00
Code Issues Projects Releases Wiki Activity

improve docs, fix #1290

Browse Source
This commit is contained in:
Maximilian Hils 2016-06-29 00:38:11 -07:00
parent b7430c0775
commit ac860c6fc0
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/features/passthrough.rst
View File

@ -10,7 +10,8 @@ mechanism:
mitmproxy's interception leads to errors. For example, the Twitter app, Windows Update or mitmproxy's interception leads to errors. For example, the Twitter app, Windows Update or
the Apple App Store fail to work if mitmproxy is active. the Apple App Store fail to work if mitmproxy is active.
- **Convenience:** You really don't care about some parts of the traffic and just want them to go - **Convenience:** You really don't care about some parts of the traffic and just want them to go
away. away. Note that mitmproxy's "Limit" option is often the better alternative here, as it is
not affected by the limitations listed below.
If you want to peek into (SSL-protected) non-HTTP connections, check out the :ref:`tcpproxy` If you want to peek into (SSL-protected) non-HTTP connections, check out the :ref:`tcpproxy`
feature. feature.
@ -29,12 +30,15 @@ mitmproxy shortcut :kbd:`o` then :kbd:`I`
mitmproxy allows you to specify a regex which is matched against a ``host:port`` string mitmproxy allows you to specify a regex which is matched against a ``host:port`` string
(e.g. "example.com:443") to determine hosts that should be excluded. (e.g. "example.com:443") to determine hosts that should be excluded.
Limitations
-----------
There are two important quirks to consider: There are two important quirks to consider:
- **In transparent mode, the ignore pattern is matched against the IP and ClientHello SNI host.** While we usually infer the - **In transparent mode, the ignore pattern is matched against the IP and ClientHello SNI host.** While we usually infer the
hostname from the Host header if the ``--host`` argument is passed to mitmproxy, we do not hostname from the Host header if the ``--host`` argument is passed to mitmproxy, we do not
have access to this information before the SSL handshake. If the client uses SNI however, then we treat the SNI host as an ignore target. have access to this information before the SSL handshake. If the client uses SNI however, then we treat the SNI host as an ignore target.
- In regular mode, explicit HTTP requests are never ignored. [#explicithttp]_ The ignore pattern is - **In regular mode, explicit HTTP requests are never ignored.** [#explicithttp]_ The ignore pattern is
applied on CONNECT requests, which initiate HTTPS or clear-text WebSocket connections. applied on CONNECT requests, which initiate HTTPS or clear-text WebSocket connections.
Tutorial Tutorial
@ -86,6 +90,7 @@ Here are some other examples for ignore patterns:
- :ref:`tcpproxy` - :ref:`tcpproxy`
- :ref:`responsestreaming` - :ref:`responsestreaming`
- mitmproxy's "Limit" feature
.. rubric:: Footnotes .. rubric:: Footnotes