From 74b3b842fefec6a05d17bbdf365cd92c82fd3503 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Fri, 4 Sep 2015 16:17:55 +0200 Subject: rewrite basic docs for readthedocs --- docs/features/upstreamcerts.rst | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 docs/features/upstreamcerts.rst (limited to 'docs/features/upstreamcerts.rst') diff --git a/docs/features/upstreamcerts.rst b/docs/features/upstreamcerts.rst new file mode 100644 index 00000000..a287daef --- /dev/null +++ b/docs/features/upstreamcerts.rst @@ -0,0 +1,4 @@ +.. _upstreamcerts: + +Upstream Certificates +===================== \ No newline at end of file -- cgit v1.2.3 From b4013659a81a48908eb3e060f04143ba1f9689bb Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Sun, 6 Sep 2015 03:20:58 +0200 Subject: docs :tada: --- docs/features/upstreamcerts.rst | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'docs/features/upstreamcerts.rst') diff --git a/docs/features/upstreamcerts.rst b/docs/features/upstreamcerts.rst index a287daef..84cfb84e 100644 --- a/docs/features/upstreamcerts.rst +++ b/docs/features/upstreamcerts.rst 
@@ -1,4 +1,23 @@ .. _upstreamcerts: Upstream Certificates -===================== \ No newline at end of file +===================== + +When mitmproxy receives a connection destined for an SSL-protected service, it +freezes the connection before reading its request data, and makes a connection +to the upstream server to "sniff" the contents of its SSL certificate. The +information gained - the **Common Name** and **Subject Alternative Names** - is +then used to generate the interception certificate, which is sent to the client +so the connection can continue. + +This rather intricate little dance lets us seamlessly generate correct +certificates even if the client has specifed only an IP address rather than the +hostname. It also means that we don't need to sniff additional data to generate +certs in transparent mode. + +Upstream cert sniffing is on by default, and can optionally be turned off. + +================== ============================= +command-line :option:`--no-upstream-cert` +mitmproxy shortcut :kbd:`o` then :kbd:`U` +================== ============================= \ No newline at end of file -- cgit v1.2.3 From c4286b15dc3d95f52b7ce5b5292796109fa77f3f Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Mon, 7 Sep 2015 10:52:18 +0200 Subject: docs: minor fixes --- docs/features/upstreamcerts.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/features/upstreamcerts.rst') diff --git a/docs/features/upstreamcerts.rst b/docs/features/upstreamcerts.rst index 84cfb84e..c687aec7 100644 --- a/docs/features/upstreamcerts.rst +++ b/docs/features/upstreamcerts.rst @@ -20,4 +20,4 @@ Upstream cert sniffing is on by default, and can optionally be turned off. ================== ============================= command-line :option:`--no-upstream-cert` mitmproxy shortcut :kbd:`o` then :kbd:`U` -================== ============================= \ No newline at end of file +================== ============================= -- cgit v1.2.3
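Review bot: In the `@@ -0,0 +1,4 @@` hunk that creates docs/features/upstreamcerts.rst, the file ends at the `=====================` underline with "\ No newline at end of file". End the file with a newline, otherwise the next edit has to remove and re-add the underline just to append text. The page is also only a label and a heading at this point, so it renders empty wherever it is linked; a one-sentence summary under the heading would avoid publishing a blank page.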
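Review bot: In the `@@ -1,4 +1,23 @@` hunk, "specifed" in the second added paragraph should be "specified". The closing paragraph says sniffing "can optionally be turned off" but never states what the interception certificate is generated from when `--no-upstream-cert` is set, which is the one thing a reader deciding on that option needs to know; add a sentence covering it. The first paragraph likewise does not say whether the upstream certificate is verified before its Common Name and Subject Alternative Names are copied into the generated certificate, and that is worth stating either way.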