7 files changed, 109 insertions, 12 deletions
diff --git a/doc-src/features/index.py b/doc-src/features/index.py
index 477bb8af..693b4439 100644
--- a/doc-src/features/index.py
+++ b/doc-src/features/index.py
@@ -9,9 +9,11 @@ pages = [
     Page("replacements.html", "Replacements"),
     Page("responsestreaming.html", "Response Streaming"),
     Page("reverseproxy.html", "Reverse proxy mode"),
+    Page("socksproxy.html", "SOCKS Mode"),
     Page("setheaders.html", "Set Headers"),
     Page("serverreplay.html", "Server-side replay"),
     Page("sticky.html", "Sticky cookies and auth"),
+    Page("tcpproxy.html", "TCP Proxy"),
     Page("upstreamcerts.html", "Upstream Certs"),
     Page("upstreamproxy.html", "Upstream proxy mode"),
 ]
 \ No newline at end of file
diff --git a/doc-src/features/passthrough.html b/doc-src/features/passthrough.html
index 039d6b58..7c830639 100644
--- a/doc-src/features/passthrough.html
+++ b/doc-src/features/passthrough.html
@@ -1,13 +1,12 @@
-There are a couple of reasons why you may want to exempt some traffic from mitmproxy's interception mechanism:
+There are two main reasons why you may want to exempt some traffic from mitmproxy's interception mechanism:
 
 - **Certificate pinning:** Some traffic is is protected using
   [certificate pinning](https://security.stackexchange.com/questions/29988/what-is-certificate-pinning) and mitmproxy's
   interception leads to errors. For example, Windows Update or the Apple App Store fail to work if mitmproxy is active.
-- **Non-HTTP traffic:** WebSockets or other non-http protocols are not supported by mitmproxy yet. You can exempt the
-  domain from processing, which would otherwise fail.
 - **Convenience:** You really don't care about some parts of the traffic and just want them to go away.
 
-If you want to ignore traffic from mitmproxy's processing because of large response bodies, check out the
+If you want to peek into (SSL-protected) non-HTTP connections, check out the [tcp proxy](@!urlTo("tcpproxy.html")!@) feature.
+If you want to ignore traffic from mitmproxy's processing because of large response bodies, take a look at the
 [response streaming](@!urlTo("responsestreaming.html")!@) feature.
 
 ## How it works
@@ -74,4 +73,9 @@ Here are some other examples for ignore patterns:
 --ignore 17\.178\.\d+\.\d+:443
 </pre>
 
+### See Also
+
+- [TCP Proxy](@!urlTo("tcpproxy.html")!@)
+- [Response Streaming](@!urlTo("responsestreaming.html")!@)
+
 [^explicithttp]: This stems from an limitation of explicit HTTP proxying: A single connection can be re-used for multiple target domains - a <code>GET http://example.com/</code> request may be followed by a <code>GET http://evil.com/</code> request on the same connection. If we start to ignore the connection after the first request, we would miss the relevant second one.
 \ No newline at end of file
diff --git a/doc-src/features/responsestreaming.html b/doc-src/features/responsestreaming.html
index d20af65c..47fafef7 100644
--- a/doc-src/features/responsestreaming.html
+++ b/doc-src/features/responsestreaming.html
@@ -47,4 +47,8 @@ When response streaming is enabled, portions of the code which would have otherw
 on the response body will see an empty response body instead (<code>libmproxy.protocol.http.CONTENT_MISSING</code>). Any modifications will be ignored.
 
 Streamed responses are usually sent in chunks of 4096 bytes. If the response is sent with a <code>Transfer-Encoding:
-    chunked</code> header, the response will be streamed one chunk at a time.
-\ No newline at end of file
+    chunked</code> header, the response will be streamed one chunk at a time.
+
+### See Also
+
+- [Ignore Domains](@!urlTo("passthrough.html")!@)
diff --git a/doc-src/features/reverseproxy.html b/doc-src/features/reverseproxy.html
index e6de4f33..5ef4efc5 100644
--- a/doc-src/features/reverseproxy.html
+++ b/doc-src/features/reverseproxy.html
@@ -7,10 +7,46 @@ mitmproxy forwards HTTP proxy requests to an upstream proxy server.
 <table class="table">
     <tbody>
         <tr>
-            <th width="20%">command-line</th> <td>-R http[s]://hostname[:port]</td>
-        </tr>
-        <tr>
-            <th>mitmproxy shortcut</th> <td><b>P</b></td>
+            <th width="20%">command-line</th> <td>-R <i>schema</i>://hostname[:port]</td>
         </tr>
     </tbody>
 </table>
+
+Here, **schema** is one of http, https, http2https or https2http. The latter
+two extended schema specifications control the use of HTTP and HTTPS on
+mitmproxy and the upstream server. You can indicate that mitmproxy should use
+HTTP, and the upstream server uses HTTPS like this:
+
+	http2https://hostname:port
+
+And you can indicate that mitmproxy should use HTTPS while the upstream
+service uses HTTP like this:
+
+	https2http://hostname:port
+
+
+### Host Header
+
+In reverse proxy mode, mitmproxy does not rewrite the host header. While often useful, this
+may lead to issues with public web servers. For example, consider the following scenario:
+
+    $ python mitmdump -d -R http://example.com/ &
+    $ curl http://localhost:8080/
+
+    >> GET https://example.com/
+        Host: localhost:8080
+        User-Agent: curl/7.35.0
+        [...]
+
+    << 404 Not Found 345B
+
+Since the Host header doesn't match <samp>example.com</samp>, an error is returned.<br>
+There are two ways to solve this:
+<ol>
+    <li>Modify the hosts file of your OS so that example.com resolves to 127.0.0.1.</li>
+    <li>
+        Instruct mitmproxy to rewrite the host header by passing <kbd>&#8209;&#8209;setheader&nbsp;:~q:Host:example.com</kbd>.
+        However, keep in mind that absolute URLs within the returned document or HTTP redirects will cause the client application
+        to bypass the proxy.
+    </li>
+</ol>
+\ No newline at end of file
diff --git a/doc-src/features/socksproxy.html b/doc-src/features/socksproxy.html
new file mode 100644
index 00000000..f436cbf5
--- /dev/null
+++ b/doc-src/features/socksproxy.html
@@ -0,0 +1,10 @@
+
+In this mode, mitmproxy acts as a SOCKS5 proxy server.
+
+<table class="table">
+    <tbody>
+        <tr>
+            <th width="20%">command-line</th> <td>--socks</td>
+        </tr>
+    </tbody>
+</table>
diff --git a/doc-src/features/tcpproxy.html b/doc-src/features/tcpproxy.html
new file mode 100644
index 00000000..819cf297
--- /dev/null
+++ b/doc-src/features/tcpproxy.html
@@ -0,0 +1,30 @@
+WebSockets or other non-HTTP protocols are not supported by mitmproxy yet. However, you can exempt hostnames from
+processing, so that mitmproxy acts as a generic TCP forwarder. This feature is closely related to the
+[ignore domains](@!urlTo("passthrough.html")!@) functionality, but differs in two important aspects:
+
+- The raw TCP messages are printed to the event log.
+- SSL connections will be intercepted.
+
+Please note that message interception or modification are not possible yet.
+If you are not interested in the raw TCP messages, you should use the ignore domains feature.
+
+## How it works
+
+
+<table class="table">
+    <tbody>
+        <tr>
+            <th width="20%">command-line</th> <td>--tcp HOST</td>
+        </tr>
+        <tr>
+            <th>mitmproxy shortcut</th> <td><b>T</b></td>
+        </tr>
+    </tbody>
+</table>
+
+For a detailed description on the structure of the hostname pattern, please refer to the [Ignore Domains](@!urlTo("passthrough.html")!@) feature.
+
+### See Also
+
+- [Ignore Domains](@!urlTo("passthrough.html")!@)
+- [Response Streaming](@!urlTo("responsestreaming.html")!@)
diff --git a/doc-src/features/upstreamproxy.html b/doc-src/features/upstreamproxy.html
index 6039f4df..47bc115d 100644
--- a/doc-src/features/upstreamproxy.html
+++ b/doc-src/features/upstreamproxy.html
@@ -9,8 +9,19 @@ mitmproxy forwards ordinary HTTP requests to an upstream server.
         <tr>
             <th width="20%">command-line</th> <td>-U http://hostname[:port]</td>
         </tr>
-        <tr>
-            <th>mitmproxy shortcut</th> <td><b>U</b></td>
-        </tr>
     </tbody>
 </table>
+
+Here, **schema** is one of http, https, http2https or https2http. The latter
+two extended schema specifications control the use of HTTP and HTTPS on
+mitmproxy and the upstream server. You can indicate that mitmproxy should use
+HTTP, and the upstream server uses HTTPS like this:
+
+	http2https://hostname:port
+
+And you can indicate that mitmproxy should use HTTPS while the upstream
+service uses HTTP like this:
+
+	https2http://hostname:port
+
+