Handling CONNECT requests that are blocked (because of pinning?)

Mitmproxy: 4.0.4
Python: 3.6.1
OpenSSL: OpenSSL 1.1.0i 14 Aug 2018
Platform: Linux-2.6.32-754.3.5.el6.x86_64-x86_64-with-centos-6.10-Final

Running in normal mode.
mitmdump -s script.py --listen-port 10080 --confdir --set block_global=false

For some HTTPS connections I see this error:

IP:60501: CONNECT something.com:443
<< Cannot establish TLS with client (sni: something.com): TlsException("(-1, ‘Unexpected EOF’)",)

On fiddler its possible to tag these connections to not be decrypted, and therefore pass straight through.

Once tagged, the connect request and response is logged, just without any decryption for the response body.

At the moment, these CONNECT requests appear to be totally discarded after they fail.

Is it possible to do something like this for mitmproxy?



I have same problem on same version of mitmproxy.
As I understand connections fail because mitmproxy change SSL certificates and try to decrypt traffic.
Is it possible to configure mitmproxy to skip CONNECT method requests and even not decrypt them?


Take a look at https://github.com/mitmproxy/mitmproxy/blob/master/examples/complex/tls_passthrough.py! :slight_smile: