Programming
How mitmproxy works
Thursday, May 16, 2013
|
Richard Harris |
Aldo Cortesi started work on mitmproxy because he was frustrated with the available interception tools. He had a long list of minor complaints - they were insufficiently flexible, not programmable enough, mostly written in Java (a language I don't enjoy), and so forth. The most serious problem, though, was opacity. The best tools were all closed source and commercial. SSL interception is a complicated and delicate process, and after a certain point, not understanding precisely what your proxy is doing just doesn't fly.
His posts (link below) is now part of the official documentation of mitmproxy. It's a detailed description of mitmproxy's interception process, and is more or less the overview document that he wished he had when starting his first project. Proceed by example, is the simplest unencrypted explicit proxying, and working up to the most complicated interaction - transparent proxying of SSL-protected traffic1 in the presence of SNI.
Read more: http://corte.si/posts/code/mitmproxy/howitworks/in...
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here
