HTTPS inspection

Lior_Checkpoint · July 27, 2017, 9:00am

I would like to implement SSL inspection module using mitmproxy.

Is it possible to intercept every HTTPS packet after decryption, before sending it to the other side (client/server),
forward it to another service, which makes the inspection.
get the service’s response,
and finally send a new packet to the other side with the inspection changes?

It is important to the inspection service that the scope of the inspection will contain the entire packet. (HTTP request/response is not enough)

Thanks

mhils · July 27, 2017, 2:27pm

Hi @Lior_Checkpoint,

Mitmproxy internally does not work with packet-level granularity. We just open a regular TCP socket, so we don’t have access to individual packet information. You can use mitmproxy to do TLS interception, log TLS master secrets, and use the original PCAP, but doing this live is highly impractical and requires additional tools.

Topic		Replies	Views
Copy and send decrypted HTTPS traffic to specific location help	6	1972	January 25, 2018
Blocking specific HTTPS POST request by payload/endpoint? help	1	1296	November 4, 2019
Terminate SSL and forward to a different server? help	4	1083	September 17, 2018
Test scenario with multiple clients needing the same "live" data help	0	579	July 20, 2018
Just starting out, have some questions help	4	1780	September 29, 2016

HTTPS inspection

Related Topics