Programatically determine if mitmproxy certificate has been installed


#1

Hi all,

I’m looking for a way to determine if the mitmproxy certificate has been installed on a transparently proxied client from a mitmproxy script. As a somewhat unrelated follow up, is the certificate served by http://mitm.it locally from the machine that mitmproxy is running on? If so, where might I be able to find that html page on an Ubuntu install.

Thanks!
Brannon


#2

Hi,

I’m looking for a way to determine if the mitmproxy certificate has been installed on a transparently proxied client from a mitmproxy script

The only heuristic you have is to see if the client accepts or rejects it. There is no way to know beforehand on the proxy.

As a somewhat unrelated follow up, is the certificate served by http://mitm.it locally from the machine that mitmproxy is running on?

As stated on mitm.it, yes.

If so, where might I be able to find that html page on an Ubuntu install.


The certificates are stored in ~/.mitmproxy.

Hope that helps!
Max


#3

Hi Max,

Thanks for the reply! How exactly would one be able to tell if the certificate was accepted or rejected by the client without access to that machine (pentesting w/ transparent proxy + arpspoof)? I suppose that I could put some custom JavaScript on the mitm.it page that pools an arbitrary https:// url… If the request ever goes through than the cert was successfully installed? Is there a better way to do this?

Thanks!


#4

In short, no. See the tls passthrough example in the repo on how to detect it on the proxy.


#5

I’m having a bit of trouble understanding the difference between #1 and #2, and #3 and #4. It seems to me that those pairs are both the same command.

It looks like the TlsFeedback class might be what I’m looking for. Does that determine if the client can communicate with the mitmproxy server via TLS (and therefor the certificate has been installed) or if the client can communicate to the requested HOST (e.g. facebook) via TLS?