diff options
| author | Maximilian Hils <git@maximilianhils.com> | 2015-09-07 10:52:18 +0200 |
|---|---|---|
| committer | Maximilian Hils <git@maximilianhils.com> | 2015-09-07 10:52:18 +0200 |
| commit | c4286b15dc3d95f52b7ce5b5292796109fa77f3f (patch) | |
| tree | c83c666e6f82df7c397e4291bb3a0f32d7d864ae /docs/howmitmproxy.rst | |
| parent | 31ee4607c892f85c5d139e54acbc3ca4f9fb6bcb (diff) | |
| download | mitmproxy-c4286b15dc3d95f52b7ce5b5292796109fa77f3f.tar.gz mitmproxy-c4286b15dc3d95f52b7ce5b5292796109fa77f3f.tar.bz2 mitmproxy-c4286b15dc3d95f52b7ce5b5292796109fa77f3f.zip | |
docs: minor fixes
Diffstat (limited to 'docs/howmitmproxy.rst')
| -rw-r--r-- | docs/howmitmproxy.rst | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/docs/howmitmproxy.rst b/docs/howmitmproxy.rst index 8bc20792..4bdaeae5 100644 --- a/docs/howmitmproxy.rst +++ b/docs/howmitmproxy.rst @@ -210,24 +210,25 @@ explicit HTTPS connections to establish the CN and SANs, and cope with SNI. .. image:: schematics/how-mitmproxy-works-transparent-https.png :align: center -1. The client makes a connection to the server. -2. The router redirects the connection to mitmproxy, which is typically listening on a local port of - the same host. Mitmproxy then consults the routing mechanism to establish what the original - destination was. -3. The client believes it's talking to the remote server, and initiates the SSL connection. It uses - SNI to indicate the hostname it is connecting to. -4. Mitmproxy connects to the server, and establishes an SSL connection using the SNI hostname - indicated by the client. -5. The server responds with the matching SSL certificate, which contains the CN and SAN values - needed to generate the interception certificate. -6. Mitmproxy generates the interception cert, and continues the client SSL handshake paused in - step 3. -7. The client sends the request over the established SSL connection. -8. Mitmproxy passes the request on to the server over the SSL connection initiated in step 4. + 1. The client makes a connection to the server. + 2. The router redirects the connection to mitmproxy, which is typically listening on a local port + of the same host. Mitmproxy then consults the routing mechanism to establish what the original + destination was. + 3. The client believes it's talking to the remote server, and initiates the SSL connection. + It uses SNI to indicate the hostname it is connecting to. + 4. Mitmproxy connects to the server, and establishes an SSL connection using the SNI hostname + indicated by the client. + 5. The server responds with the matching SSL certificate, which contains the CN and SAN values + needed to generate the interception certificate. + 6. Mitmproxy generates the interception cert, and continues the client SSL handshake paused in + step 3. + 7. The client sends the request over the established SSL connection. + 8. Mitmproxy passes the request on to the server over the SSL connection initiated in step 4. .. rubric:: Footnotes -.. [#ssl] I use "SSL" to refer to both SSL and TLS in the generic sense, unless otherwise specified. +.. [#ssl] I use "SSL" to refer to both SSL and TLS in the generic sense, unless otherwise + specified. .. _Server Name Indication: https://en.wikipedia.org/wiki/Server_Name_Indication .. _HTTP RFC: https://tools.ietf.org/html/rfc7230 |