diff options
| author | Maximilian Hils <git@maximilianhils.com> | 2016-01-26 21:07:12 +0100 |
|---|---|---|
| committer | Maximilian Hils <git@maximilianhils.com> | 2016-01-26 21:07:12 +0100 |
| commit | ce132dc18093b1aa6a9afe9c935fd17d1d8fda4b (patch) | |
| tree | cc9f5cdaf229575d981744945eb538040c25807c /docs/features/passthrough.rst | |
| parent | 798bd413e8b08343503b4ad38ab92aed2acad71c (diff) | |
| parent | 4be8d148b13ae15d6b0f287935d3dc53a40cdf28 (diff) | |
| download | mitmproxy-ce132dc18093b1aa6a9afe9c935fd17d1d8fda4b.tar.gz mitmproxy-ce132dc18093b1aa6a9afe9c935fd17d1d8fda4b.tar.bz2 mitmproxy-ce132dc18093b1aa6a9afe9c935fd17d1d8fda4b.zip | |
Merge pull request #893 from dweinstein/sni-ignore
Add ignore based on TLS ClientHello SNI
Diffstat (limited to 'docs/features/passthrough.rst')
| -rw-r--r-- | docs/features/passthrough.rst | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/features/passthrough.rst b/docs/features/passthrough.rst index 80521393..b7b5df84 100644 --- a/docs/features/passthrough.rst +++ b/docs/features/passthrough.rst @@ -31,9 +31,9 @@ mitmproxy allows you to specify a regex which is matched against a ``host:port`` There are two important quirks to consider: -- **In transparent mode, the ignore pattern is matched against the IP.** While we usually infer the +- **In transparent mode, the ignore pattern is matched against the IP and ClientHello SNI host.** While we usually infer the hostname from the Host header if the :option:`--host` argument is passed to mitmproxy, we do not - have access to this information before the SSL handshake. + have access to this information before the SSL handshake. If the client uses SNI however, then we treat the SNI host as an ignore target. - In regular mode, explicit HTTP requests are never ignored. [#explicithttp]_ The ignore pattern is applied on CONNECT requests, which initiate HTTPS or clear-text WebSocket connections. |