consolidated down all SSL documentation into one document

Jim Shaver 2015-03-18 00:22:18 -04:00
parent f3dab52a62
commit e0e36f5dae
6 changed files with 3 additions and 109 deletions

@ -29,8 +29,7 @@
<li class="nav-header">Installing Certificates</li> <li class="nav-header">Installing Certificates</li>
$!nav("ssl.html", this, state)!$ $!nav("certinstall/ssl.html", this, state)!$
$!nav("certinstall/webapp.html", this, state)!$
<li class="nav-header">Transparent Proxying</li> <li class="nav-header">Transparent Proxying</li>
$!nav("transparent.html", this, state)!$ $!nav("transparent.html", this, state)!$
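Review bot: the nav entry changes from `ssl.html` to `certinstall/ssl.html` and the `certinstall/webapp.html` entry is dropped, so together with the page deletions later in this commit both old URLs stop resolving for anyone who bookmarked or linked to them. Consider leaving short stub pages at the old paths that point to `certinstall/ssl.html`, or confirm the site build has some other way to redirect them.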

@ -1,6 +1,6 @@
from countershape import Page from countershape import Page
pages = [ pages = [
Page("webapp.html", "Using the Web App"), Page("ssl.html", "SSL Options"),
Page("mitm.it-error.html", "Error: No proxy configured"), Page("mitm.it-error.html", "Error: No proxy configured"),
] ]
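Review bot: the title "SSL Options" on the new `Page("ssl.html", ...)` entry does not match how the page is reached. It is listed under the "Installing Certificates" nav header and becomes the target of the tutorial's "mitmproxy root certificate" link, so a reader looking for install steps may not recognise it. A title that mentions certificate installation would fit better.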

@ -1,13 +0,0 @@
By far the easiest way to install the mitmproxy certs is to use the built-in
web app. To do this, start mitmproxy and configure your target device with the
correct proxy settings. Now start a browser on the device, and visit the magic
domain **mitm.it**. You should see something like this:
<img src="@!urlTo("webapp.png")!@"></img>
Just click on the relevant icon, and then follow the setup instructions
for the platform you're on.
Make sure you aren't using a bandwith optimizer (like Google's Data Compression
Proxy on Chrome for Android) or the page will not load.
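Review bot: all 13 lines are removed, and the commit's three additions are only link and index changes, so nothing in this diff shows the mitm.it walkthrough or the warning about bandwidth optimizers (Google's Data Compression Proxy) arriving in the consolidated page. Please confirm `certinstall/ssl.html` already carries both, in particular the warning, which covers a case where the page will not load at all. If `webapp.png` is no longer referenced anywhere after this change, it can be deleted as well.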

@ -67,7 +67,6 @@ pages = [
Page("mitmdump.html", "mitmdump"), Page("mitmdump.html", "mitmdump"),
Page("config.html", "configuration"), Page("config.html", "configuration"),
Page("ssl.html", "Overview"),
Directory("certinstall"), Directory("certinstall"),
Directory("scripting"), Directory("scripting"),
Directory("tutorials"), Directory("tutorials"),

@ -1,91 +0,0 @@
The first time __mitmproxy__ or __mitmdump__ is run, a set of certificate files
for the mitmproxy Certificate Authority are created in the config directory
(~/.mitmproxy by default). This CA is used for on-the-fly generation of dummy
certificates for SSL interception. Since your browser won't trust the
__mitmproxy__ CA out of the box (and rightly so), you will see an SSL cert
warning every time you visit a new SSL domain through __mitmproxy__. When
you're testing a single site through a browser, just accepting the bogus SSL
cert manually is not too much trouble, but there are a many circumstances where
you will want to configure your testing system or browser to trust the
__mitmproxy__ CA as a signing root authority.
CA and cert files
-----------------
The files created by mitmproxy in the .mitmproxy directory are as follows:
<table class="table">
<tr>
<td class="nowrap">mitmproxy-ca.pem</td>
<td>The private key and certificate in PEM format.</td>
</tr>
<tr>
<td class="nowrap">mitmproxy-ca-cert.pem</td>
<td>The certificate in PEM format. Use this to distribute to most
non-Windows platforms.</td>
</tr>
<tr>
<td class="nowrap">mitmproxy-ca-cert.p12</td>
<td>The certificate in PKCS12 format. For use on Windows.</td>
</tr>
<tr>
<td class="nowrap">mitmproxy-ca-cert.cer</td>
<td>Same file as .pem, but with an extension expected by some Android
devices.</td>
</tr>
</table>
Using a custom certificate
--------------------------
You can use your own certificate by passing the <kbd>--cert</kbd> option to mitmproxy. mitmproxy then uses the provided
certificate for interception of the specified domains instead of generating a cert signed by its own CA.
The certificate file is expected to be in the PEM format.
You can include intermediary certificates right below your leaf certificate, so that you PEM file roughly looks like
this:
<pre>
-----BEGIN PRIVATE KEY-----
&lt;private key&gt;
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
&lt;cert&gt;
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
&lt;intermediary cert (optional)&gt;
-----END CERTIFICATE-----
</pre>
For example, you can generate a certificate in this format using these instructions:
<pre class="terminal">
> openssl genrsa -out cert.key 8192
> openssl req -new -x509 -key cert.key -out cert.crt
(Specify the mitm domain as Common Name, e.g. *.google.com)
> cat cert.key cert.crt > cert.pem
> mitmproxy --cert=cert.pem
</pre>
Using a client side certificate
------------------------------------
You can use a client certificate by passing the <kbd>--client-certs DIRECTORY</kbd> option to mitmproxy.
If you visit example.org, mitmproxy looks for a file named example.org.pem in the specified directory
and uses this as the client cert. The certificate file needs to be in the PEM format and should contain
both the unencrypted private key as well as the certificate.
Using a custom certificate authority
------------------------------------
By default, mitmproxy will (generate and) use <samp>~/.mitmproxy/mitmproxy-ca.pem</samp> as the default certificate
authority to generate certificates for all domains for which no custom certificate is provided (see above).
You can use your own certificate authority by passing the <kbd>--confdir</kbd> option to mitmproxy.
mitmproxy will then look for <samp>mitmproxy-ca.pem</samp> in the specified directory. If no such file exists,
it will be generated automatically.
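Review bot: the deleted table is the only place in this change that says which generated file holds the CA private key (`mitmproxy-ca.pem`, "The private key and certificate in PEM format") as opposed to the `mitmproxy-ca-cert.*` files meant for distribution. Confirm the consolidated page keeps that distinction and says plainly that only the `-cert` files go onto test devices, since anyone holding `mitmproxy-ca.pem` can sign certificates those devices will trust. The same check applies to the `--cert`, `--client-certs` and `--confdir` sections, none of which are re-added in this commit.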

@ -3,7 +3,7 @@
In this tutorial, I'm going to show you how simple it is to creatively In this tutorial, I'm going to show you how simple it is to creatively
interfere with Apple Game Center traffic using mitmproxy. To set things up, interfere with Apple Game Center traffic using mitmproxy. To set things up,
you must install the [mitmproxy root certificate](@!urlTo("certinstall/webapp.html")!@). I then you must install the [mitmproxy root certificate](@!urlTo("certinstall/ssl.html")!@). I then
started mitmproxy on my desktop, and configured the iPhone to use it as a started mitmproxy on my desktop, and configured the iPhone to use it as a
proxy. proxy.
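Review bot: the "mitmproxy root certificate" link used to land on the web-app install page and now lands on the general SSL page, so the reader has to locate the install steps inside it. If `certinstall/ssl.html` has a section on installing through mitm.it, link to that anchor instead of the page top. It is also worth searching the other tutorials for remaining `certinstall/webapp.html` references, since that page is deleted in this commit.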