Handling CONNECT requests that are blocked (because of pinning?)


#1

Mitmproxy: 4.0.4
Python: 3.6.1
OpenSSL: OpenSSL 1.1.0i 14 Aug 2018
Platform: Linux-2.6.32-754.3.5.el6.x86_64-x86_64-with-centos-6.10-Final

Running in normal mode.
mitmdump -s script.py --listen-port 10080 --confdir --set block_global=false

For some HTTPS connections I see this error:

IP:60501: CONNECT something.com:443
<< Cannot establish TLS with client (sni: something.com): TlsException("(-1, ‘Unexpected EOF’)",)

On fiddler its possible to tag these connections to not be decrypted, and therefore pass straight through.

https://www.fiddlerbook.com/fiddler/help/httpsdecryption.asp#byhost
Once tagged, the connect request and response is logged, just without any decryption for the response body.

At the moment, these CONNECT requests appear to be totally discarded after they fail.

Is it possible to do something like this for mitmproxy?

Thanks