From 2a2387fb3293bb5cd08c4e18f1d8153619c7ef3b Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Wed, 9 Nov 2016 13:11:31 +0100
Subject: explain host=pretty_host assignment

---
 examples/sslstrip.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'examples/sslstrip.py')

diff --git a/examples/sslstrip.py b/examples/sslstrip.py
index 5e1eb56f..9a090c0c 100644
--- a/examples/sslstrip.py
+++ b/examples/sslstrip.py
@@ -16,6 +16,10 @@ def request(flow):
     if flow.request.pretty_host in secure_hosts:
         flow.request.scheme = 'https'
         flow.request.port = 443
+
+        # We need to update the request destination to whatever is specified in the host header:
+        # Having no TLS Server Name Indication from the client and just an IP address as request.host
+        # in transparent mode, TLS server name certificate validation would fail.
         flow.request.host = flow.request.pretty_host
 
 
-- 
cgit v1.2.3