2c1802692d
* options: add request_client_cert to enable mutual TLS

This capability was already built-in but hard-coded to be disabled. Making it configurable as option (defaulting to off) enables mTLS connections between clients and mitmproxy.

If true, mitmproxy will send a TLS `CertificateRequest` message to the client during the TLS handshake, upon which a client needs to present a client certificate to mitmproxy to successfully establish an mTLS connection.

This option can be used together with the `client_certs` option to also establish an mTLS connection between mitmproxy and the upstream server. In this case, mitmproxy needs to have a full client cert, including matching private key, that is trusted and accepted by the upstream server. This is a common scenario with MQTT or IoT connections.

Example usage:

    $ mitmproxy --set request_client_cert=True --set client_certs=some_directory/

With `some_directory/` containing a `mqtt.example.com.pem` x509 certificate file (including private key). This allows a client connecting using mTLS, to be intercepted by mitmproxy, which is itself establishing an mTLS connection to the `mqtt.example.com` upstream server.

Restricting the client_certs using a directory and PEM files named after the upstream domain, narrows down the mTLS requirement to this single domain, while leaving all other traffic through mitmproxy untouched (normal TLS without client certs).

* add CHANGELOG entry
* docs++
* swap section order, re-add example

---------

Co-authored-by: Maximilian Hils <git@maximilianhils.com>
Co-authored-by: Maximilian Hils <github@maximilianhils.com>
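
A pre-flight check for the `client_certs` directory layout described in the commit message above, as an added example that is not part of mitmproxy's code. It assumes each file is named `<upstream host>.pem` and must hold both a certificate and its private key; the function names and the file-permission check are additions made here, and the sample directory is constructed with dummy PEM bodies.

```python
import re
import stat
import tempfile
from pathlib import Path

# Matches PEM block headers such as "-----BEGIN CERTIFICATE-----".
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def check_client_certs_dir(directory):
    """Map each upstream host (taken from '<host>.pem') to a list of problems."""
    report = {}
    for path in sorted(Path(directory).iterdir()):
        if path.suffix != ".pem":
            continue  # this check only looks at <host>.pem files
        host = path.name[: -len(".pem")]
        labels = PEM_BEGIN.findall(path.read_text(errors="replace"))
        problems = []
        if "CERTIFICATE" not in labels:
            problems.append("no certificate block")
        # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", ...
        if not any(label.endswith("PRIVATE KEY") for label in labels):
            problems.append("no private key block")
        # The file holds a private key, so group/other should have no access.
        if path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("readable by group or other")
        report[host] = problems
    return report


def demo():
    """Build a constructed directory (dummy PEM bodies, not real keys) and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "mqtt.example.com.pem"
        good.write_text(
            "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
            "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
        )
        good.chmod(0o600)
        cert_only = Path(tmp) / "broker.example.net.pem"
        cert_only.write_text("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
        cert_only.chmod(0o644)
        return check_client_certs_dir(tmp)


if __name__ == "__main__":
    for host, problems in demo().items():
        print(host, "OK" if not problems else "; ".join(problems))
```

The host names in the report are the domains for which mitmproxy would present a client certificate upstream, so the output doubles as a list of where the mTLS requirement applies.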
.github
docs
examples
mitmproxy
release
test
web
.gitattributes
.gitignore
CHANGELOG.md
CONTRIBUTING.md
LICENSE
MANIFEST.in
README.md
SECURITY.md
codecov.yml
pyproject.toml
README.md
mitmproxy
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.
mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.
mitmweb is a web-based interface for mitmproxy.
Installation
The installation instructions are here. If you want to install from source, see CONTRIBUTING.md.
Documentation & Help
General information, tutorials, and precompiled binaries can be found on the mitmproxy website.
The documentation for mitmproxy is available on our website:
If you have questions on how to use mitmproxy, please use GitHub Discussions!
Contributing
As an open source project, mitmproxy welcomes contributions of all forms.