I want to build a persistent Docker application (a set of microservices) to capture HTTP sessions from mobile apps.
Here is the workflow for a user:
- User sets up the proxy on their mobile device (sets proxy IP address of the appliance with port)
- If it is the first time a user has connected to the proxy, the user installs the self-generated certificate.
- When an HTTP request comes into the proxy appliance, the appliance sends the serialized request as a whole to a job queue (which puts it into a database).
- When the user has completed their session, they can go to a web portal to review each request and response.
- If the user wants to export a session (a “flow”, a group of request/responses), they can export it as a HAR file.
All of this seems pretty straightforward. But, I have a few questions.
- Obviously I will write a mitm inline script (http://docs.mitmproxy.org/en/v0.17/scripting/inlinescripts.html). Does each request/response object provided in the mitm callback inside my inline script have access to something unique to the client, say a MAC address (so I can tag it in the database)?
- I’m not familiar enough with HTTP2 to understand whether HTTP multiplexing makes this idea much more complicated than I might imagine. Can anyone comment?
Thanks.
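
As an added example (not part of the original post and not mitmproxy code), the export step of the workflow above could look like this: one HAR 1.2 document per client, with credential-bearing header values masked so an exported file does not carry session tokens. The row layout, the `client_id` tag, the `[redacted]` marker and the function names are assumptions made for the illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qsl

SENSITIVE = {"authorization", "cookie", "set-cookie"}  # masked on export

# Constructed sample rows. "client_id" is a hypothetical tag set at capture time.
CAPTURED = [
    {"client_id": "device-b", "started": 1700000005.0, "ms": 30, "method": "GET",
     "url": "https://api.example.test/v1/ping", "req_headers": [],
     "status": 204, "reason": "No Content", "resp_headers": [], "resp_body": ""},
    {"client_id": "device-a", "started": 1700000009.0, "ms": 55, "method": "GET",
     "url": "https://api.example.test/v1/items?page=2", "status": 200, "reason": "OK",
     "req_headers": [("Authorization", "Bearer constructed-token")],
     "resp_headers": [("Content-Type", "application/json")], "resp_body": "[]"},
    {"client_id": "device-a", "started": 1700000001.0, "ms": 42, "method": "POST",
     "url": "https://api.example.test/v1/login", "status": 200, "reason": "OK",
     "req_headers": [], "resp_headers": [("Set-Cookie", "sid=constructed")], "resp_body": "ok"},
]

def _headers(pairs):
    # HAR name/value list with credential-bearing header values masked.
    return [{"name": n, "value": "[redacted]" if n.lower() in SENSITIVE else v}
            for n, v in pairs]

def to_entry(rec, http_version="HTTP/1.1"):
    # Map one stored request/response row to a HAR 1.2 entry (-1 = size unknown).
    body = rec["resp_body"].encode()
    mime = next((v for n, v in rec["resp_headers"] if n.lower() == "content-type"), "")
    query = [{"name": k, "value": v} for k, v in parse_qsl(urlsplit(rec["url"]).query)]
    return {
        "startedDateTime": datetime.fromtimestamp(rec["started"], timezone.utc).isoformat(),
        "time": rec["ms"], "cache": {},
        "timings": {"send": 0, "wait": rec["ms"], "receive": 0},
        "request": {"method": rec["method"], "url": rec["url"], "cookies": [],
                    "httpVersion": http_version, "headers": _headers(rec["req_headers"]),
                    "queryString": query, "headersSize": -1, "bodySize": -1},
        "response": {"status": rec["status"], "statusText": rec["reason"], "cookies": [],
                     "httpVersion": http_version, "headers": _headers(rec["resp_headers"]),
                     "content": {"size": len(body), "mimeType": mime, "text": rec["resp_body"]},
                     "redirectURL": "", "headersSize": -1, "bodySize": len(body)},
    }

def export_har(records, client_id):
    # One HAR document per client: only that client's rows, oldest first.
    rows = sorted((r for r in records if r["client_id"] == client_id),
                  key=lambda r: r["started"])
    return {"log": {"version": "1.2", "creator": {"name": "example-exporter", "version": "0"},
                    "entries": [to_entry(r) for r in rows]}}
```

Serializing the result of `export_har(CAPTURED, "device-a")` with `json.dumps` gives the file contents; request and response bodies are exported unmasked in this sketch.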