Intercepting tcp connections with TLS 1.2 and custom certificates


#1

Hi,

when trying to intercept non-HTTPS TCP connections with TLS 1.2 in a local network without a DNS name, the following error happens:

warn xxx.xxx.xxx.xxx:yyyy: Cannot connect to server, no server address given.

What is my mistake?

Steps to reproduce the problem:

  • creating a self-signed server certificate cert.pem and a client certificate client-cert.pem
  • client and server are running in a local network without DNS.
  • mitmproxy --tcp xxx.xxx.xxx.xxx:yyyy --cert *=./cert.pem --client-cert ./client-cert.pem

Mitmproxy version: 1.0.2
Python version: 3.5.2
Platform: Linux-4.4.36-8-default-x86_64-with-SuSE-42.2-x86_64
SSL version: OpenSSL 1.1.0c 10 Nov 2016
Linux distro: openSUSE 42.2 x86_64


#2

How are you redirecting connections to mitmproxy?
This looks like mitmproxy has no information about the connection destination, see http://docs.mitmproxy.org/en/stable/modes.html.


#3

Hi,

thank you for your fast response!

Mitmproxy, the client and the server are in the same local network. With --tcp I provide mitmproxy the IP address of the server. The client is configured to use the IP address of the mitmproxy server as destination. The server has no DNS name, only an IP address.

Is this scenario possible?


#4

With --tcp you specify for which hosts you want to use TCP mode, but that doesn’t imply the target. You need to start mitmproxy as a reverse proxy as well (disregard the http[s] at the beginning of the URL - that’ll be overridden by --tcp).

