HTTPS inspection


#1

I would like to implement SSL inspection module using mitmproxy.

Is it possible to intercept every HTTPS packet after decryption, before sending it to the other side (client/server),
forward it to another service, which makes the inspection.
get the service’s response,
and finally send a new packet to the other side with the inspection changes?

It is important to the inspection service that the scope of the inspection will contain the entire packet. (HTTP request/response is not enough)

Thanks


#2

Hi @Lior_Checkpoint,

Mitmproxy internally does not work with packet-level granularity. We just open a regular TCP socket, so we don’t have access to individual packet information. You can use mitmproxy to do TLS interception, log TLS master secrets, and use the original PCAP, but doing this live is highly impractical and requires additional tools.