From dc44465c9216a241246c290222ccf4aa17e9d407 Mon Sep 17 00:00:00 2001
From: phackt
Date: Tue, 8 Nov 2016 15:39:24 +0100
Subject: [PATCH 1/2] fix SNI for transparent mode - #1638 In transparent mode host is set with the target server ip. Attribute flow.request.host is used as SNI while mitmproxy is initiating TLS handshake, so it should be set with the pretty_host.
---
 examples/sslstrip.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/examples/sslstrip.py b/examples/sslstrip.py
index b5e463975..5e1eb56f7 100644
--- a/examples/sslstrip.py
+++ b/examples/sslstrip.py
@@ -16,6 +16,7 @@ def request(flow):
 if flow.request.pretty_host in secure_hosts:
 flow.request.scheme = 'https'
 flow.request.port = 443
+ flow.request.host = flow.request.pretty_host
 def response(flow):
From 2a2387fb3293bb5cd08c4e18f1d8153619c7ef3b Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Wed, 9 Nov 2016 13:11:31 +0100
Subject: [PATCH 2/2] explain host=pretty_host assignment
---
 examples/sslstrip.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/examples/sslstrip.py b/examples/sslstrip.py
index 5e1eb56f7..9a090c0ca 100644
--- a/examples/sslstrip.py
+++ b/examples/sslstrip.py
@@ -16,6 +16,10 @@ def request(flow):
 if flow.request.pretty_host in secure_hosts:
 flow.request.scheme = 'https'
 flow.request.port = 443
+
+ # We need to update the request destination to whatever is specified in the host header:
+ # Having no TLS Server Name Indication from the client and just an IP address as request.host
+ # in transparent mode, TLS server name certificate validation would fail.
 flow.request.host = flow.request.pretty_host
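Review bot: In [PATCH 1/2] the added `flow.request.host = flow.request.pretty_host` makes the upstream connection target a name read from the client-supplied Host header instead of the original destination address that transparent mode recorded. The only bound visible in the hunk is the `in secure_hosts` test on the `if` line above it. The comment added in [PATCH 2/2] gives the SNI and certificate-validation reason but not this trade-off; I would append a line such as `# pretty_host comes from the Host header, which the client controls; the secure_hosts check above is what limits where we connect.` How `secure_hosts` is populated lies outside both hunks, so whether that set only ever holds hosts the proxy has itself observed needs to be confirmed there. `request()` begins above the hunk in both patches.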