Comments (3)
This is a good idea, and definitely something that could be targeted for 0.8. I'd want to make it optional, though, because I can think of testing situations where the Host header heuristic is better. We already cache certificates, so we can simply initiate a connection upstream when we first see a connection to a host, grab the upstream cert, do the local generation, and from that point on the cached cert will be used instead.
I'll leave this ticket open as a feature request
from mitmproxy.
I'm working on something like this in the upstream-cert branch, which will find its way into 0.8. It pulls not only the CN but also the Subject Alternative Names, and uses them in the generated certs. Please feel free to check it out and help test.
from mitmproxy.
thanks a lot! did some tests, works fine.
from mitmproxy.
Related Issues (20)
- spoof-source-address looks to don't wok HOT 1
- The agent failed, the connection request failed HOT 3
- Android apps like google apps, chess.com etc not working HOT 1
- TLS issues with Windows/Schannel clients since 10.1.2 HOT 10
- Https-sniffing doesn't work for Android APK
- `mitmdump` with `--certs ` doesnt work for iOS HOT 1
- Android 14 System Certificate Issue HOT 1
- MITMProxy exits automatically after sometime HOT 6
- Not able to capture traffic with ios device HOT 3
- Windows: certificate is installed to Intermediate Certification Authorities HOT 13
- mitmweb relative path support doesn't still support flows related requests HOT 1
- mitmweb - disabling the "edit options" button by a cli argument
- Add an option to store CA certificates somewhere other than `confidr` HOT 3
- Getting errors after terminating from mitmproxy console
- Tracking Issue: Local Redirect Mode HOT 5
- Proposal for a Docker and Linux-based Weak Network Simulation Feature HOT 3
- Malformed SANs, or SANs of type other than DNS or IP Address, may raise "UnicodeError: label too long in IDNA decode" in certs.dummy_cert() HOT 3
- [mitmweb] Add SVG response preview support. HOT 3
- HAR server replay missing content length in HEAD response HOT 4
- ignore_hosts and allow_hosts not working as documented HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mitmproxy.