diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2011-03-18 17:53:00 +1300 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2011-03-18 17:53:00 +1300 |
| commit | 35a952ef3c8a498d67345b61d714fa3aa23cef4a (patch) | |
| tree | 1753292aae9f2e3714fc9c3fd544e4a65fbd5773 | |
| parent | e22fd74d06bf646e7da95cde8f7238763f081276 (diff) | |
| download | mitmproxy-35a952ef3c8a498d67345b61d714fa3aa23cef4a.tar.gz mitmproxy-35a952ef3c8a498d67345b61d714fa3aa23cef4a.tar.bz2 mitmproxy-35a952ef3c8a498d67345b61d714fa3aa23cef4a.zip | |
Docs.
| -rw-r--r-- | doc-src/certinstall/firefox.html | 8 | ||||
| -rw-r--r-- | doc-src/certinstall/osx.html | 6 | ||||
| -rw-r--r-- | doc-src/certinstall/windows7.html | 39 | ||||
| -rw-r--r-- | doc-src/screenshots/osx-addcert.png | bin | 61842 -> 0 bytes | |||
| -rw-r--r-- | doc-src/screenshots/win7-certstore-trustedroot.png | bin | 0 -> 54298 bytes | |||
| -rw-r--r-- | doc-src/screenshots/win7-certstore.png | bin | 0 -> 53142 bytes | |||
| -rw-r--r-- | doc-src/screenshots/win7-wizard.png | bin | 0 -> 85691 bytes | |||
| -rw-r--r-- | doc-src/ssl.html | 37 |
8 files changed, 43 insertions, 47 deletions
diff --git a/doc-src/certinstall/firefox.html b/doc-src/certinstall/firefox.html index f661a619..06a38e21 100644 --- a/doc-src/certinstall/firefox.html +++ b/doc-src/certinstall/firefox.html @@ -1,13 +1,15 @@ -### 1: Open preferences, click on "Advanced", then select"Encryption": +### 1. If needed, copy the ~/.mitmproxy/mitmproxy-ca-cert.pem file to the target. + +### 2: Open preferences, click on "Advanced", then select"Encryption": <img src="@!urlTo('firefox3.jpg')!@"/> -### 2: Click "View Certificates", "Import", and select the certificate file: +### 3: Click "View Certificates", "Import", and select the certificate file: <img src="@!urlTo('firefox3-import.jpg')!@"/> -### 3: Tick "Trust this CS to identify web sites", and click "Ok": +### 4: Tick "Trust this CS to identify web sites", and click "Ok": <img src="@!urlTo('firefox3-trust.jpg')!@"/> diff --git a/doc-src/certinstall/osx.html b/doc-src/certinstall/osx.html index bcb72f50..f0f34d24 100644 --- a/doc-src/certinstall/osx.html +++ b/doc-src/certinstall/osx.html @@ -2,11 +2,7 @@ ### 1: Open Finder, and double-click on the mitmproxy ca.pem file. -### 2: You will be prompted to add the certificate. Click "Add": - -<img src="@!urlTo('osx-addcert.png')!@"/> - -### 3: Click "Always Trust": +### 2: You will be prompted to add the certificate. Click "Always Trust": <img src="@!urlTo('osx-addcert-alwaystrust.png')!@"/> diff --git a/doc-src/certinstall/windows7.html b/doc-src/certinstall/windows7.html index b8632d56..7e447b4e 100644 --- a/doc-src/certinstall/windows7.html +++ b/doc-src/certinstall/windows7.html @@ -1,40 +1,19 @@ -The Windows certificate manager expects a different certificate format from the -one used by mitmproxy. The easiest way to convert the cert to the appropriate -format is to use the Firefox web browser. +These instructions were tested on Windows 7. +### 1: Copy the ~/.mitmproxy/mitmproxy-ca-cert.p12 file to the target system. -### 1: Make sure Firefox is installed on the system. +### 2: Double-click the certificate file. You should see a certificate import wizard: -### 2: Fire up mitmproxy on the interception host. - -### 3: Configure Firefox to use the mitmproxy interceptor. - -### 4: Using Firefox, browse to an SSL-protected domain. You will see a warning: - - -### 5: Click "I understand the risks" and "Add Exception": - - -### 6: Click "Get certificate", "View", and switch to the "Details" tab: - - -### 7: Click "Export", and save the certificate in "X.509 Certificate (PEM)" format: - - -### 8: Next, start a command prompt, and type "certmgr" to start the Certificate Manager: - - -### 9: From the top menu, select "Action", "All tasks", and then "Import": - - -### 10: Click "Next", and browse to select the cert we just exported from Firefox: - - -### 11: Click "Next", and "Finish" to complete the import. Accept all warning prompts. +<img src="@!urlTo('win7-wizard.png')!@"/> +### 3: Click "Next" until you're prompted for the certificate store: +<img src="@!urlTo('win7-certstore.png')!@"/> +### 4: Select "Place all certificates in the following store, and select "Trusted Root Certification Authorities": +<img src="@!urlTo('win7-certstore-trustedroot.png')!@"/> +### 5: Click "Next" and "Finish". diff --git a/doc-src/screenshots/osx-addcert.png b/doc-src/screenshots/osx-addcert.png Binary files differdeleted file mode 100644 index 16dd0284..00000000 --- a/doc-src/screenshots/osx-addcert.png +++ /dev/null diff --git a/doc-src/screenshots/win7-certstore-trustedroot.png b/doc-src/screenshots/win7-certstore-trustedroot.png Binary files differnew file mode 100644 index 00000000..31073f0b --- /dev/null +++ b/doc-src/screenshots/win7-certstore-trustedroot.png diff --git a/doc-src/screenshots/win7-certstore.png b/doc-src/screenshots/win7-certstore.png Binary files differnew file mode 100644 index 00000000..11bd4540 --- /dev/null +++ b/doc-src/screenshots/win7-certstore.png diff --git a/doc-src/screenshots/win7-wizard.png b/doc-src/screenshots/win7-wizard.png Binary files differnew file mode 100644 index 00000000..5017f2c5 --- /dev/null +++ b/doc-src/screenshots/win7-wizard.png diff --git a/doc-src/ssl.html b/doc-src/ssl.html index eb68dc95..7df6771b 100644 --- a/doc-src/ssl.html +++ b/doc-src/ssl.html @@ -2,15 +2,34 @@ SSL === -The first time __mitmproxy__ or __mitmdump__ is started, a dummy SSL -certificate authority is generated (the default location is -~/.mitmproxy/ca.pem). This dummy CA is used to generate dummy certificates for -SSL interception on-the-fly. Since your browser won't trust the __mitmproxy__ -dummy CA out of the box (and rightly so), so you will see an SSL cert warning -every time you visit a new SSL domain through __mitmproxy__. When you're -testing a single site, just accepting the bogus SSL cert manually is not too -much of a hassle, but there are a number of cases where you will want to -configure your testing system or browser to trust __mitmproxy__: +The first time __mitmproxy__ or __mitmdump__ is started, the following set of +certificate files for a dummy Certificate Authority are created in the config +directory (~/.mitmproxy by default): + +<table> + <tr> + <td>mitmproxy-ca.pem</td> + <td>The private key and certificate in PEM format.</td> + </tr> + <tr> + <td>mitmproxy-ca-cert.pem</td> + <td>Just the certificate in PEM format. Use this to distribute to most + non-Windows platforms.</td> + </tr> + <tr> + <td>mitmproxy-ca-cert.p12</td> + <td>Just the certificate in PKCS12 format. For use on Windows.</td> + </tr> +</table> + +This dummy CA is used for on-the-fly generation of +dummy certificates for SSL interception. Since your browser won't trust the +__mitmproxy__ dummy CA out of the box (and rightly so), so you will see an SSL +cert warning every time you visit a new SSL domain through __mitmproxy__. When +you're testing a single site through a browser, just accepting the bogus SSL +cert manually is not too much of a hassle, but there are a number of cases +where you will want to configure your testing system or browser to trust the +__mitmproxy__ CA as a signing root authority: - If you are testing non-browser software that checks SSL cert validiy. - You are testing an app that makes non-interactive (JSONP, script src, etc.) |
