Add instructions for installing the CA in the IOS Simulator.

This commit is contained in:
Aldo Cortesi 2013-03-17 10:35:40 +13:00
parent bc1e457097
commit b6727bf7d2
5 changed files with 41 additions and 18 deletions

View File

@ -19,3 +19,7 @@ pre {
.tablenum {
font-weight: bold;
}
.nowrap {
white-space: nowrap;
}

View File

@ -37,12 +37,13 @@
$!nav("reverseproxy.html", this, state)!$
$!nav("upstreamcerts.html", this, state)!$
<li class="nav-header">SSL interception</li>
<li class="nav-header">Installing Certificates</li>
$!nav("ssl.html", this, state)!$
$!nav("certinstall/firefox.html", this, state)!$
$!nav("certinstall/osx.html", this, state)!$
$!nav("certinstall/windows7.html", this, state)!$
$!nav("certinstall/ios.html", this, state)!$
$!nav("certinstall/ios-simulator.html", this, state)!$
$!nav("certinstall/android.html", this, state)!$
<li class="nav-header">Transparent Proxying</li>

View File

@ -5,5 +5,6 @@ pages = [
Page("osx.html", "OSX"),
Page("windows7.html", "Windows 7"),
Page("ios.html", "IOS"),
Page("ios-simulator.html", "IOS Simulator"),
Page("android.html", "Android"),
]

View File

@ -0,0 +1,23 @@
How to install the __mitmproxy__ certificate authority in the IOS simulator:
<ol>
<li> First, check out the <a
href="https://github.com/ADVTOOLS/ADVTrustStore">ADVTrustStore</a> tool
from github.</li>
<li> Now, run the following command:
<pre class="terminal">./iosCertTrustManager.py -a ~/.mitmproxy/mitmproxy-ca-cert.pem</pre>
</li>
</ol>
Note that although the IOS simulator has its own certificate store, it shares
the proxy settings of the host operating system. You will therefore to have
configure your OSX host's proxy settings to use the mitmproxy instance you want
to test with.

View File

@ -1,24 +1,24 @@
The first time __mitmproxy__ or __mitmdump__ is started, the following set of
certificate files for a dummy Certificate Authority are created in the config
directory (~/.mitmproxy by default):
The first time __mitmproxy__ or __mitmdump__ is run, a set of certificate files
for the mitmproxy Certificate Authority are created in the config directory
(~/.mitmproxy by default). The files are as follows:
<table class="table">
<tr>
<td>mitmproxy-ca.pem</td>
<td class="nowrap">mitmproxy-ca.pem</td>
<td>The private key and certificate in PEM format.</td>
</tr>
<tr>
<td>mitmproxy-ca-cert.pem</td>
<td class="nowrap">mitmproxy-ca-cert.pem</td>
<td>The certificate in PEM format. Use this to distribute to most
non-Windows platforms.</td>
</tr>
<tr>
<td>mitmproxy-ca-cert.p12</td>
<td class="nowrap">mitmproxy-ca-cert.p12</td>
<td>The certificate in PKCS12 format. For use on Windows.</td>
</tr>
<tr>
<td>mitmproxy-ca-cert.cer</td>
<td class="nowrap">mitmproxy-ca-cert.cer</td>
<td>Same file as .pem, but with an extension expected by some Android
devices.</td>
</tr>
@ -29,16 +29,9 @@ interception. Since your browser won't trust the __mitmproxy__ CA out of the
box (and rightly so), you will see an SSL cert warning every time you visit a
new SSL domain through __mitmproxy__. When you're testing a single site through
a browser, just accepting the bogus SSL cert manually is not too much trouble,
but there are a number of cases where you will want to configure your testing
system or browser to trust the __mitmproxy__ CA as a signing root authority:
- If you are testing non-browser software that checks SSL cert validity using
the system certificate store.
- You are testing an app that makes non-interactive (JSONP, script src, etc.)
requests to SSL resources. Another workaround in this case is to manually visit
the page through the browser, and add a certificate exception.
- You just don't want to deal with the hassle of continuously adding cert
exceptions.
but there are a many circumstances where you will want to configure your
testing system or browser to trust the __mitmproxy__ CA as a signing root
authority.
Installing the mitmproxy CA
@ -48,4 +41,5 @@ Installing the mitmproxy CA
* [OSX](@!urlTo("certinstall/osx.html")!@)
* [Windows 7](@!urlTo("certinstall/windows7.html")!@)
* [iPhone/iPad](@!urlTo("certinstall/ios.html")!@)
* [IOS Simulator](@!urlTo("certinstall/ios-simulator.html")!@)