diff options
| -rw-r--r-- | doc-src/_nav.html | 3 | ||||
| -rw-r--r-- | doc-src/certinstall/index.py | 2 | ||||
| -rw-r--r-- | doc-src/certinstall/webapp.html | 13 | ||||
| -rw-r--r-- | doc-src/index.py | 1 | ||||
| -rw-r--r-- | doc-src/ssl.html | 91 | ||||
| -rw-r--r-- | doc-src/tutorials/gamecenter.html | 2 |
6 files changed, 3 insertions, 109 deletions
diff --git a/doc-src/_nav.html b/doc-src/_nav.html index 91d2118f..3efff40b 100644 --- a/doc-src/_nav.html +++ b/doc-src/_nav.html @@ -29,8 +29,7 @@ <li class="nav-header">Installing Certificates</li> - $!nav("ssl.html", this, state)!$ - $!nav("certinstall/webapp.html", this, state)!$ + $!nav("certinstall/ssl.html", this, state)!$ <li class="nav-header">Transparent Proxying</li> $!nav("transparent.html", this, state)!$ diff --git a/doc-src/certinstall/index.py b/doc-src/certinstall/index.py index fd422cb3..67e6185b 100644 --- a/doc-src/certinstall/index.py +++ b/doc-src/certinstall/index.py @@ -1,6 +1,6 @@ from countershape import Page pages = [ - Page("webapp.html", "Using the Web App"), + Page("ssl.html", "SSL Options"), Page("mitm.it-error.html", "Error: No proxy configured"), ] diff --git a/doc-src/certinstall/webapp.html b/doc-src/certinstall/webapp.html deleted file mode 100644 index 478da96c..00000000 --- a/doc-src/certinstall/webapp.html +++ /dev/null @@ -1,13 +0,0 @@ - -By far the easiest way to install the mitmproxy certs is to use the built-in -web app. To do this, start mitmproxy and configure your target device with the -correct proxy settings. Now start a browser on the device, and visit the magic -domain **mitm.it**. You should see something like this: - -<img src="@!urlTo("webapp.png")!@"></img> - -Just click on the relevant icon, and then follow the setup instructions -for the platform you're on. - -Make sure you aren't using a bandwith optimizer (like Google's Data Compression -Proxy on Chrome for Android) or the page will not load. diff --git a/doc-src/index.py b/doc-src/index.py index 753f90a5..1c1203f8 100644 --- a/doc-src/index.py +++ b/doc-src/index.py @@ -67,7 +67,6 @@ pages = [ Page("mitmdump.html", "mitmdump"), Page("config.html", "configuration"), - Page("ssl.html", "Overview"), Directory("certinstall"), Directory("scripting"), Directory("tutorials"), diff --git a/doc-src/ssl.html b/doc-src/ssl.html deleted file mode 100644 index cccde1b7..00000000 --- a/doc-src/ssl.html +++ /dev/null @@ -1,91 +0,0 @@ - -The first time __mitmproxy__ or __mitmdump__ is run, a set of certificate files -for the mitmproxy Certificate Authority are created in the config directory -(~/.mitmproxy by default). This CA is used for on-the-fly generation of dummy -certificates for SSL interception. Since your browser won't trust the -__mitmproxy__ CA out of the box (and rightly so), you will see an SSL cert -warning every time you visit a new SSL domain through __mitmproxy__. When -you're testing a single site through a browser, just accepting the bogus SSL -cert manually is not too much trouble, but there are a many circumstances where -you will want to configure your testing system or browser to trust the -__mitmproxy__ CA as a signing root authority. - - -CA and cert files ------------------ - -The files created by mitmproxy in the .mitmproxy directory are as follows: - -<table class="table"> - <tr> - <td class="nowrap">mitmproxy-ca.pem</td> - <td>The private key and certificate in PEM format.</td> - </tr> - <tr> - <td class="nowrap">mitmproxy-ca-cert.pem</td> - <td>The certificate in PEM format. Use this to distribute to most - non-Windows platforms.</td> - </tr> - <tr> - <td class="nowrap">mitmproxy-ca-cert.p12</td> - <td>The certificate in PKCS12 format. For use on Windows.</td> - </tr> - <tr> - <td class="nowrap">mitmproxy-ca-cert.cer</td> - <td>Same file as .pem, but with an extension expected by some Android - devices.</td> - </tr> -</table> - - -Using a custom certificate --------------------------- - -You can use your own certificate by passing the <kbd>--cert</kbd> option to mitmproxy. mitmproxy then uses the provided -certificate for interception of the specified domains instead of generating a cert signed by its own CA. - -The certificate file is expected to be in the PEM format. -You can include intermediary certificates right below your leaf certificate, so that you PEM file roughly looks like -this: - -<pre> ------BEGIN PRIVATE KEY----- -<private key> ------END PRIVATE KEY----- ------BEGIN CERTIFICATE----- -<cert> ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -<intermediary cert (optional)> ------END CERTIFICATE----- -</pre> - -For example, you can generate a certificate in this format using these instructions: - -<pre class="terminal"> -> openssl genrsa -out cert.key 8192 -> openssl req -new -x509 -key cert.key -out cert.crt - (Specify the mitm domain as Common Name, e.g. *.google.com) -> cat cert.key cert.crt > cert.pem -> mitmproxy --cert=cert.pem -</pre> - -Using a client side certificate ------------------------------------- -You can use a client certificate by passing the <kbd>--client-certs DIRECTORY</kbd> option to mitmproxy. -If you visit example.org, mitmproxy looks for a file named example.org.pem in the specified directory -and uses this as the client cert. The certificate file needs to be in the PEM format and should contain -both the unencrypted private key as well as the certificate. - - -Using a custom certificate authority ------------------------------------- - -By default, mitmproxy will (generate and) use <samp>~/.mitmproxy/mitmproxy-ca.pem</samp> as the default certificate -authority to generate certificates for all domains for which no custom certificate is provided (see above). -You can use your own certificate authority by passing the <kbd>--confdir</kbd> option to mitmproxy. -mitmproxy will then look for <samp>mitmproxy-ca.pem</samp> in the specified directory. If no such file exists, -it will be generated automatically. - - - diff --git a/doc-src/tutorials/gamecenter.html b/doc-src/tutorials/gamecenter.html index d192232c..8d2e9bc5 100644 --- a/doc-src/tutorials/gamecenter.html +++ b/doc-src/tutorials/gamecenter.html @@ -3,7 +3,7 @@ In this tutorial, I'm going to show you how simple it is to creatively interfere with Apple Game Center traffic using mitmproxy. To set things up, -you must install the [mitmproxy root certificate](@!urlTo("certinstall/webapp.html")!@). I then +you must install the [mitmproxy root certificate](@!urlTo("certinstall/ssl.html")!@). I then started mitmproxy on my desktop, and configured the iPhone to use it as a proxy. |