HTTPS inspection

Lior_Checkpoint · July 27, 2017, 9:00am

I would like to implement SSL inspection module using mitmproxy.

Is it possible to intercept every HTTPS packet after decryption, before sending it to the other side (client/server),
forward it to another service, which makes the inspection.
get the service’s response,
and finally send a new packet to the other side with the inspection changes?

It is important to the inspection service that the scope of the inspection will contain the entire packet. (HTTP request/response is not enough)

Thanks

mhils · July 27, 2017, 2:27pm

Hi @Lior_Checkpoint,

Mitmproxy internally does not work with packet-level granularity. We just open a regular TCP socket, so we don’t have access to individual packet information. You can use mitmproxy to do TLS interception, log TLS master secrets, and use the original PCAP, but doing this live is highly impractical and requires additional tools.

Topic		Replies	Views
Capture HTTPS Traffic without decryption of SSL connection	9	7418	October 3, 2018
Copy and send decrypted HTTPS traffic to specific location help	6	2009	January 25, 2018
See undecrpyted flow as a unit of packet help	1	791	March 26, 2017
Decryption port mirroring help	1	1267	June 18, 2019
Mitmproxy not picking up traffic	1	4654	June 23, 2017

HTTPS inspection

Related topics