mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-30 03:14:22 +00:00
4da8054e21
Also, move reverse proxy command-line flag to -P.
16 lines
839 B
HTML
16 lines
839 B
HTML
- command-line: _--upstream-cert_
|
|
- mitmproxy shortcut: _o_, then _u_
|
|
|
|
Normally, mitmproxy uses the target domain specified in a client's proxy
|
|
request to generate an interception certificate. When __upstream-cert__ mode is
|
|
activated a different procedure is followed: a connection is made to the
|
|
specified remote server to retrieve its __Common Name__ and __Subject
|
|
Alternative Names__. This feature is especially useful when the client
|
|
specifies an IP address rather than a host name in the proxy request. If this
|
|
is the case, we can only generate a certificate if we can establish the __CN__
|
|
and __SANs__ from the upstream server.
|
|
|
|
Note that __upstream-cert__ mode does not work when the remote server relies on
|
|
[Server Name Indication](http://en.wikipedia.org/wiki/Server_Name_Indication).
|
|
Luckily, SNI is still not very widely used.
|