consolidated down all SSL documentation into one document

2024-11-23 08:11:00 +00:00 · 2015-03-18 00:22:18 -04:00 · 2015-03-18 00:22:18 -04:00 · e0e36f5dae
commit e0e36f5dae
parent f3dab52a62
6 changed files with 3 additions and 109 deletions
--- a/doc-src/_nav.html
+++ b/doc-src/_nav.html
@ -29,8 +29,7 @@


    <li class="nav-header">Installing Certificates</li>
-        $!nav("ssl.html", this, state)!$
-        $!nav("certinstall/webapp.html", this, state)!$
+        $!nav("certinstall/ssl.html", this, state)!$

    <li class="nav-header">Transparent Proxying</li>
        $!nav("transparent.html", this, state)!$
--- a/doc-src/certinstall/index.py
+++ b/doc-src/certinstall/index.py
@ -1,6 +1,6 @@
 from countershape import Page

 pages = [
-    Page("webapp.html", "Using the Web App"),
+    Page("ssl.html", "SSL Options"),
    Page("mitm.it-error.html", "Error: No proxy configured"),
 ]
--- a/doc-src/certinstall/webapp.html
+++ b/doc-src/certinstall/webapp.html
@ -1,13 +0,0 @@
-
-By far the easiest way to install the mitmproxy certs is to use the built-in
-web app. To do this, start mitmproxy and configure your target device with the
-correct proxy settings. Now start a browser on the device, and visit the magic
-domain **mitm.it**. You should see something like this:
-
-<img src="@!urlTo("webapp.png")!@"></img>
-
-Just click on the relevant icon, and then follow the setup instructions
-for the platform you're on.
-
-Make sure you aren't using a bandwith optimizer (like Google's Data Compression
-Proxy on Chrome for Android) or the page will not load.
--- a/doc-src/index.py
+++ b/doc-src/index.py
@ -67,7 +67,6 @@ pages = [
    Page("mitmdump.html", "mitmdump"),
    Page("config.html", "configuration"),

-    Page("ssl.html", "Overview"),
    Directory("certinstall"),
    Directory("scripting"),
    Directory("tutorials"),
--- a/doc-src/ssl.html
+++ b/doc-src/ssl.html
@ -1,91 +0,0 @@
-
-The first time __mitmproxy__ or __mitmdump__ is run, a set of certificate files
-for the mitmproxy Certificate Authority are created in the config directory
-(~/.mitmproxy by default). This CA is used for on-the-fly generation of dummy
-certificates for SSL interception. Since your browser won't trust the
-__mitmproxy__ CA out of the box (and rightly so), you will see an SSL cert
-warning every time you visit a new SSL domain through __mitmproxy__. When
-you're testing a single site through a browser, just accepting the bogus SSL
-cert manually is not too much trouble, but there are a many circumstances where
-you will want to configure your testing system or browser to trust the
-__mitmproxy__ CA as a signing root authority.
-
-
-CA and cert files
-----------------
-
-The files created by mitmproxy in the .mitmproxy directory are as follows: 
-
-<table class="table">
-    <tr>
-        <td class="nowrap">mitmproxy-ca.pem</td>
-        <td>The private key and certificate in PEM format.</td>
-    </tr>
-    <tr>
-        <td class="nowrap">mitmproxy-ca-cert.pem</td>
-        <td>The certificate in PEM format. Use this to distribute to most
-        non-Windows platforms.</td>
-    </tr>
-    <tr>
-        <td class="nowrap">mitmproxy-ca-cert.p12</td>
-        <td>The certificate in PKCS12 format. For use on Windows.</td>
-    </tr>
-    <tr>
-        <td class="nowrap">mitmproxy-ca-cert.cer</td>
-        <td>Same file as .pem, but with an extension expected by some Android
-        devices.</td>
-    </tr>
-</table>
-    
-
-Using a custom certificate
--------------------------
-
-You can use your own certificate by passing the <kbd>--cert</kbd> option to mitmproxy. mitmproxy then uses the provided
-certificate for interception of the specified domains instead of generating a cert signed by its own CA.
-
-The certificate file is expected to be in the PEM format.
-You can include intermediary certificates right below your leaf certificate, so that you PEM file roughly looks like
-this:
-
-<pre>
-----BEGIN PRIVATE KEY-----
-&lt;private key&gt;
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-&lt;cert&gt;
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-&lt;intermediary cert (optional)&gt;
-----END CERTIFICATE-----
-</pre>
-
-For example, you can generate a certificate in this format using these instructions:
-
-<pre class="terminal">
-> openssl genrsa -out cert.key 8192
-> openssl req -new -x509 -key cert.key -out cert.crt
-    (Specify the mitm domain as Common Name, e.g. *.google.com)
-> cat cert.key cert.crt > cert.pem
-> mitmproxy --cert=cert.pem
-</pre>
-
-Using a client side certificate
------------------------------------
-You can use a client certificate by passing the <kbd>--client-certs DIRECTORY</kbd> option to mitmproxy.
-If you visit example.org, mitmproxy looks for a file named example.org.pem in the specified directory
-and uses this as the client cert. The certificate file needs to be in the PEM format and should contain
-both the unencrypted private key as well as the certificate.
-
-
-Using a custom certificate authority
------------------------------------
-
-By default, mitmproxy will (generate and) use <samp>~/.mitmproxy/mitmproxy-ca.pem</samp> as the default certificate
-authority to generate certificates for all domains for which no custom certificate is provided (see above).
-You can use your own certificate authority by passing the <kbd>--confdir</kbd> option to mitmproxy.
-mitmproxy will then look for <samp>mitmproxy-ca.pem</samp> in the specified directory. If no such file exists,
-it will be generated automatically.
-
-
-
--- a/doc-src/tutorials/gamecenter.html
+++ b/doc-src/tutorials/gamecenter.html
@ -3,7 +3,7 @@

 In this tutorial, I'm going to show you how simple it is to creatively
 interfere with Apple Game Center traffic using mitmproxy. To set things up, 
-you must install the [mitmproxy root certificate](@!urlTo("certinstall/webapp.html")!@). I then
+you must install the [mitmproxy root certificate](@!urlTo("certinstall/ssl.html")!@). I then
 started mitmproxy on my desktop, and configured the iPhone to use it as a
 proxy.