Hi,
I have set up mitmproxy in transparent mode with all HTTP/HTTPS traffic routed to my proxy through the firewall. I want to see HTTPS requests without decrypting them, as I do not have the requisite certificates for the domains.
Is there any command-line option for mitmproxy to make pass-through settings so I can see what HTTPS requests are being made from connected clients? Just HTTP/HTTPS requests, without any decryption.
Mitmproxy cannot view the contents of TLS-protected sessions without performing a man-in-the-middle attack. If we could, that’d be a major security vulnerability in TLS.
Appliances like Sonicwall that do SSL inspection essentially break the SSL tunnel between the browser and the end site and form 2 tunnels:
Browser <=> SSL Inspection Module <=> Website
So the SSL inspector (if it's configured to do so) creates a session between the browser and itself, then creates a session between itself and the website, so everything is visible to it, but still ‘encrypted’. But your browser's session is with the SSL inspector, not the website.
Hi, I have a question regarding usage of MITM proxy with BrowserStack infrastructure.
We test mobile applications, and for automation purposes we decided to use MITM proxy and BrowserStack. BrowserStack doesn’t allow installing certificates on the devices, so MITM proxy won’t intercept HTTPS requests. There is a script which is downloaded using a secured connection as soon as our mobile test app is opened. MITM ignores this request, so we can’t use this mobile application at all.
Since @mhils says that MITM can’t track HTTPS requests without a certificate being installed on the devices, does it mean that MITM can’t be used in the BrowserStack infrastructure in our case?