diff options
Diffstat (limited to 'doc-src/sticky.html')
-rw-r--r-- | doc-src/sticky.html | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc-src/sticky.html b/doc-src/sticky.html new file mode 100644 index 00000000..32ccdd2d --- /dev/null +++ b/doc-src/sticky.html @@ -0,0 +1,24 @@ + +When the __stickycookie__ option is set, __mitmproxy__ will add the cookie most +recently set by the server to any cookie-less request. Consider a service that +sets a cookie to track the session after authentication. Using sticky cookies, +you can fire up mitmproxy, and authenticate to a service as you usually would +using a browser. After authentication, you can request authenticated resources +through mitmproxy as if they were unauthenticated, because mitmproxy will +automatically add the session tracking cookie to requests. Among other things, +this lets you script interactions with authenticated resources (using tools +like wget or curl) without having to worry about authentication. + +Sticky cookies are especially powerful when used in conjunction with [client +replay](@!urlTo("clientreplay.html")!@) - you can record the authentication +process once, and simply replay it on startup every time you need to interact +with the secured resources. + + +## Sticky auth + +The __stickyauth__ option is analagous to the __stickycookie__ option, in that +HTTP __Authorization__ headers are simply replayed to the server once they have +been seen. This is enough to allow you to access a server resource using HTTP +Basic authentication through the proxy. Note that __mitmproxy__ doesn't (yet) +support replay of HTTP Digest authentication. |