diff options
author | David Weinstein <dweinst@insitusec.com> | 2016-01-26 13:09:22 -0500 |
---|---|---|
committer | David Weinstein <dweinst@insitusec.com> | 2016-01-26 13:09:22 -0500 |
commit | 4be8d148b13ae15d6b0f287935d3dc53a40cdf28 (patch) | |
tree | 541a225b6dc6dcead0b70a7cf4d65b5aafef0154 /docs/features | |
parent | 8f8c2efccd52f9791cc5990f9863cdd02617bc0d (diff) | |
download | mitmproxy-4be8d148b13ae15d6b0f287935d3dc53a40cdf28.tar.gz mitmproxy-4be8d148b13ae15d6b0f287935d3dc53a40cdf28.tar.bz2 mitmproxy-4be8d148b13ae15d6b0f287935d3dc53a40cdf28.zip |
Add SNI ignore docs and have code match it
Diffstat (limited to 'docs/features')
-rw-r--r-- | docs/features/passthrough.rst | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/features/passthrough.rst b/docs/features/passthrough.rst index 80521393..b7b5df84 100644 --- a/docs/features/passthrough.rst +++ b/docs/features/passthrough.rst @@ -31,9 +31,9 @@ mitmproxy allows you to specify a regex which is matched against a ``host:port`` There are two important quirks to consider: -- **In transparent mode, the ignore pattern is matched against the IP.** While we usually infer the +- **In transparent mode, the ignore pattern is matched against the IP and ClientHello SNI host.** While we usually infer the hostname from the Host header if the :option:`--host` argument is passed to mitmproxy, we do not - have access to this information before the SSL handshake. + have access to this information before the SSL handshake. If the client uses SNI however, then we treat the SNI host as an ignore target. - In regular mode, explicit HTTP requests are never ignored. [#explicithttp]_ The ignore pattern is applied on CONNECT requests, which initiate HTTPS or clear-text WebSocket connections. |