diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2011-01-17 16:14:20 +1300 | 
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2011-01-17 16:14:20 +1300 | 
| commit | 2f5de240988db1e5d4f799bd7f66225ad2063841 (patch) | |
| tree | 4fa3be01727b25b1ec3ff255d353e1afb89c3b33 /doc-src | |
| parent | 324c175d028209ca79555f8c80ad3837dcfafc66 (diff) | |
| download | mitmproxy-2f5de240988db1e5d4f799bd7f66225ad2063841.tar.gz mitmproxy-2f5de240988db1e5d4f799bd7f66225ad2063841.tar.bz2 mitmproxy-2f5de240988db1e5d4f799bd7f66225ad2063841.zip | |
Add FAQ entry for installing globally trusted certs for pentesting Windows apps.
Diffstat (limited to 'doc-src')
| -rw-r--r-- | doc-src/02-docstyle.css | 6 | ||||
| -rw-r--r-- | doc-src/faq.html | 54 | ||||
| -rw-r--r-- | doc-src/index.py | 5 | 
3 files changed, 63 insertions, 2 deletions
| diff --git a/doc-src/02-docstyle.css b/doc-src/02-docstyle.css index 7d33b861..236bfc52 100644 --- a/doc-src/02-docstyle.css +++ b/doc-src/02-docstyle.css @@ -93,3 +93,9 @@ a {      font-size: 1.1em;      font-weight: bold;  } + +pre { +    padding: 10px; +    background-color: #e0e0e0; +    margin: 10px; +} diff --git a/doc-src/faq.html b/doc-src/faq.html index 8b0a3ff5..253d32a3 100644 --- a/doc-src/faq.html +++ b/doc-src/faq.html @@ -14,4 +14,58 @@      components are hanging. Visit the relevant domains using your browser, and      add a certificate trust exception for each one. </p> + +    <p class="question">I'm pentesting an non-browser app that checks SSL +    certificate validity. How do I make it trust the MITMProxy certificate?</p> + + +    <p> Here's a quick and easy procedure you can use for Windows 7, as long as +    the app in question uses the global Windows certificate repository. </p> + +    <ul> + +        <li> First copy the file <b>libmproxy/resources/bogus_template</b> +        from the MITMProxy source, and edit it to include your target domain in +        the CN parameter. The result should look like this: + +<pre>[ req ] +prompt = no +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] +C               = NZ +ST              = none +L               = none +O               = none +OU              = none +CN              = target.domain.com +emailAddress    = none</pre> +        </li> + +        <li> Next, use your bogus template to generate a certificate, and +        install it for MITMPRoxy to use: + +<pre>openssl req -config ./my_bogus_template -x509 -nodes -days 9999 -newkey rsa:1024 -keyout mycert -out mycert + +cp mycert ~/.mitmproxy/cert.pem</pre> +        </li> + +        <li> Fire up MITMProxy, and configure Firefox on the Windows box to use +        it. Browse to the target domain, and you should see a big warning about +        an untrusted certificate. Use Firefox to export the certificate ("Add +        Exception", "Get Certificate", then "View", tab to "Details" and click +        "Export").  </li> + +        <li> From the command console, fire up <b>certmgr</b>. Select "Trusted +        Root Certification Authorities", then on the top menu, "Action", "All +        Tasks", and "Import". When prompted, select the certificate file you've +        just saved from Firefox.</li> + +        <li> And that's it - your certificate should now be trusted for that +        domain. Happy pentesting.</li> + +    </ul> + + +  </div> diff --git a/doc-src/index.py b/doc-src/index.py index 2b6dde6a..1ff22108 100644 --- a/doc-src/index.py +++ b/doc-src/index.py @@ -1,10 +1,11 @@  import countershape -from countershape import Page, Directory, PythonModule +from countershape import Page, Directory, PythonModule, markup  import countershape.grok +  this.layout = countershape.Layout("_layout.html") -this.markup = "markdown"  ns.docTitle = "mitmproxy" +this.markup = markup.Markdown()  ns.docMaintainer = "Aldo Cortesi"  ns.docMaintainerEmail = "aldo@corte.si"  ns.copyright = "Aldo Cortesi 2010" | 
