Issues with --insecure option


#1

Hello,

I am trying to intercept traffic from a client device to a specific server. The client device is not proxy-aware and has a self-signed certificate, so I am attempting to use mitmdump in insecure reverse-proxy mode:

.\mitmdump.exe --insecure -R https://1.1.1.1:2222 --tcp 1.1.1.1:2222 -p 2222 -v -w "C:\Path\To\Log"

(I then instruct the client to connect to the IP of the host running mitmdump)

I am getting:

Certificate Verification Error for 1.1.1.1: self signed certificate in certificate chain (errno: 19, depth: 1)
Invalid certificate, closing connection. Pass --insecure to disable validation.

It does not seem to be respecting the “--insecure” option. I have also tried adding the certificate for the target server to both the Trusted Root CA store for the local computer (this is on Windows) as well as specifying the certificate directly with “--upstream-trusted-ca” - neither had any effect; I receive the same error.

Do I have my options wrong? Is there a better way to do this?

Thank you!


#2

Hi @dplk,

--insecure should indeed disable the upstream certificate validation. Can you provide us with a reproducible example where that is not happening?