Intercepting tcp connections with TLS 1.2 and custom certificates



when trying to intercept non HTTPS tcp connections with TLS 1.2 in a local network without DNS name, following error happen:

warn Cannot connect to server, no server address given.

What is my mistake?

Steps to reproduce the problem:

  • creating self signed server cert.pem and client certificate client-cert.pem
  • client and server are running in local network without dns.
  • mitmproxy --tcp --cert *=./cert.pem --client-cert ./client-cert.pem

Mitmproxy version: 1.0.2
Python version: 3.5.2
Platform: Linux-4.4.36-8-default-x86_64-with-SuSE-42.2-x86_64
SSL version: OpenSSL 1.1.0c 10 Nov 2016
Linux distro: openSUSE 42.2 x86_64


How are you redirecting connections to mitmproxy?
This looks mitmproxy has no information about the connection destination, see



thank you for your fast response!

Mitmproxy, the client and the server are in the same local network. With --tcp I provide mitmproxy the ip-address of the server. The client is configured to use the ip address of the mitmproxy server as destination. The server has no DNS name, only an IP-Address.

Is this scenario possible?


With --tcp you specify for which hosts you want to use TCP mode, but that doesn’t imply the target. You need to start mitmproxy as a reverse proxy as well (disregard the http[s] at the beginning of the URL - that’ll be overridden by --tcp).

Using mitmproxy to terminate TLS for HTTP/2