Add instructions for installing the CA in the IOS Simulator.

This commit is contained in:
Aldo Cortesi 2013-03-17 10:35:40 +13:00
parent bc1e457097
commit b6727bf7d2
5 changed files with 41 additions and 18 deletions

View File

@ -19,3 +19,7 @@ pre {
.tablenum { .tablenum {
font-weight: bold; font-weight: bold;
} }
.nowrap {
white-space: nowrap;
}

View File

@ -37,12 +37,13 @@
$!nav("reverseproxy.html", this, state)!$ $!nav("reverseproxy.html", this, state)!$
$!nav("upstreamcerts.html", this, state)!$ $!nav("upstreamcerts.html", this, state)!$
<li class="nav-header">SSL interception</li> <li class="nav-header">Installing Certificates</li>
$!nav("ssl.html", this, state)!$ $!nav("ssl.html", this, state)!$
$!nav("certinstall/firefox.html", this, state)!$ $!nav("certinstall/firefox.html", this, state)!$
$!nav("certinstall/osx.html", this, state)!$ $!nav("certinstall/osx.html", this, state)!$
$!nav("certinstall/windows7.html", this, state)!$ $!nav("certinstall/windows7.html", this, state)!$
$!nav("certinstall/ios.html", this, state)!$ $!nav("certinstall/ios.html", this, state)!$
$!nav("certinstall/ios-simulator.html", this, state)!$
$!nav("certinstall/android.html", this, state)!$ $!nav("certinstall/android.html", this, state)!$
<li class="nav-header">Transparent Proxying</li> <li class="nav-header">Transparent Proxying</li>

View File

@ -5,5 +5,6 @@ pages = [
Page("osx.html", "OSX"), Page("osx.html", "OSX"),
Page("windows7.html", "Windows 7"), Page("windows7.html", "Windows 7"),
Page("ios.html", "IOS"), Page("ios.html", "IOS"),
Page("ios-simulator.html", "IOS Simulator"),
Page("android.html", "Android"), Page("android.html", "Android"),
] ]

View File

@ -0,0 +1,23 @@
How to install the __mitmproxy__ certificate authority in the IOS simulator:
<ol>
<li> First, check out the <a
href="https://github.com/ADVTOOLS/ADVTrustStore">ADVTrustStore</a> tool
from github.</li>
<li> Now, run the following command:
<pre class="terminal">./iosCertTrustManager.py -a ~/.mitmproxy/mitmproxy-ca-cert.pem</pre>
</li>
</ol>
Note that although the IOS simulator has its own certificate store, it shares
the proxy settings of the host operating system. You will therefore to have
configure your OSX host's proxy settings to use the mitmproxy instance you want
to test with.

View File

@ -1,24 +1,24 @@
The first time __mitmproxy__ or __mitmdump__ is started, the following set of The first time __mitmproxy__ or __mitmdump__ is run, a set of certificate files
certificate files for a dummy Certificate Authority are created in the config for the mitmproxy Certificate Authority are created in the config directory
directory (~/.mitmproxy by default): (~/.mitmproxy by default). The files are as follows:
<table class="table"> <table class="table">
<tr> <tr>
<td>mitmproxy-ca.pem</td> <td class="nowrap">mitmproxy-ca.pem</td>
<td>The private key and certificate in PEM format.</td> <td>The private key and certificate in PEM format.</td>
</tr> </tr>
<tr> <tr>
<td>mitmproxy-ca-cert.pem</td> <td class="nowrap">mitmproxy-ca-cert.pem</td>
<td>The certificate in PEM format. Use this to distribute to most <td>The certificate in PEM format. Use this to distribute to most
non-Windows platforms.</td> non-Windows platforms.</td>
</tr> </tr>
<tr> <tr>
<td>mitmproxy-ca-cert.p12</td> <td class="nowrap">mitmproxy-ca-cert.p12</td>
<td>The certificate in PKCS12 format. For use on Windows.</td> <td>The certificate in PKCS12 format. For use on Windows.</td>
</tr> </tr>
<tr> <tr>
<td>mitmproxy-ca-cert.cer</td> <td class="nowrap">mitmproxy-ca-cert.cer</td>
<td>Same file as .pem, but with an extension expected by some Android <td>Same file as .pem, but with an extension expected by some Android
devices.</td> devices.</td>
</tr> </tr>
@ -29,16 +29,9 @@ interception. Since your browser won't trust the __mitmproxy__ CA out of the
box (and rightly so), you will see an SSL cert warning every time you visit a box (and rightly so), you will see an SSL cert warning every time you visit a
new SSL domain through __mitmproxy__. When you're testing a single site through new SSL domain through __mitmproxy__. When you're testing a single site through
a browser, just accepting the bogus SSL cert manually is not too much trouble, a browser, just accepting the bogus SSL cert manually is not too much trouble,
but there are a number of cases where you will want to configure your testing but there are a many circumstances where you will want to configure your
system or browser to trust the __mitmproxy__ CA as a signing root authority: testing system or browser to trust the __mitmproxy__ CA as a signing root
authority.
- If you are testing non-browser software that checks SSL cert validity using
the system certificate store.
- You are testing an app that makes non-interactive (JSONP, script src, etc.)
requests to SSL resources. Another workaround in this case is to manually visit
the page through the browser, and add a certificate exception.
- You just don't want to deal with the hassle of continuously adding cert
exceptions.
Installing the mitmproxy CA Installing the mitmproxy CA
@ -48,4 +41,5 @@ Installing the mitmproxy CA
* [OSX](@!urlTo("certinstall/osx.html")!@) * [OSX](@!urlTo("certinstall/osx.html")!@)
* [Windows 7](@!urlTo("certinstall/windows7.html")!@) * [Windows 7](@!urlTo("certinstall/windows7.html")!@)
* [iPhone/iPad](@!urlTo("certinstall/ios.html")!@) * [iPhone/iPad](@!urlTo("certinstall/ios.html")!@)
* [IOS Simulator](@!urlTo("certinstall/ios-simulator.html")!@)