Proxy HTTPS connection


#1

I’m trying to do some testing of my companies IE11 zone policy. We have a production web server hosted externally that uses HTTPS and I want to test how our zone policy affects content. I’ve got a copy of the web server in our Testing LAN with the same SSL cert and configuration etc. This will allow me to update content/scripts without affecting anyone.

I want my test client to perform a dns lookup as normal for the hosted web server but I want mitmproxy to proxy/redirect that connection to my LAN web server. The idea here is that the test client web browser will believe the content has come from the external site and apply the correct zone policy. I think one of the challenges here is that the connection is HTTPS but as I own the certs it should be okay? Also would mitmproxy need to re-resolve the dns name and/or IP address, so it can redirect locally.

Is this possible?


#2

@mhils - do you have any suggestions?


#3

If I understand you correctly, you just want mitmproxy to redirect requests to another server, is that correct?
In that case you can probably just use https://github.com/mitmproxy/mitmproxy/blob/master/examples/simple/redirect_requests.py (with the correct host names) and things should work as intended. You can either assign an IP or a hostname that resolves to the correct internal IP and traffic should just go to your intended direction.


#4

So for example I type into my browser: https://example.com, mitmproxy will see that and rewrite the destination to an internal LAN server.

I’m guessing that mitmproxy would see the IP address of “example.com” first and the server hosting mitmproxy would need to know how to route the modified IP. What happens if it’s based hostname? Would the server running mitmproxy perform the DNS lookup?


#5

Instead of making vague assumptions, I would recommend to try out the script I linked above. :wink: