I’m using mitmproxy as a transparent proxy with a white list. This allows me to restrict the access to some API on the internet.
The access to the API I’m using can be a bit slow (1-2 seconds), so I’ve added a cache to directly reply with the last response for the same tuple (path, content, headers). This seems to work but it’s still too slow (~1 second). I’ve added some logs and it looks like most of the time is spent between the client connection and the call to the clientconnect of my script.
I’m guessing that mitmproxy is building a certificate, is that right? Could I simply put it into a cache too?
My first guess would be that mitmproxy is still connecting to the upstream server to get the certificate information. If the client sends a TLS Server Name Indication, you can just pass --no-upstream-cert to mitmproxy and things should be considerably faster. Does this solve your problem?
Hard to say - you may be successful by increasing the verbosity (-vvv) and seeing if there’s anything in the event log that gives away what the issue is.