I’m currently analyzing HTTPS packets using mitmproxy (awesome tool!).
I have a couple of questions about how to use it properly.
- How could I see an undecrypted SSL packet body?
  I mean, if I choose to view a flow as hex in mitmproxy, it shows us the decrypted one.
  For example, in the image below, the left result is from tcpdump executed on a rooted Android mobile, and the right image is from mitmproxy.
  I want to get the left (undecrypted) data from mitmproxy so I can match these two sets of data, the undecrypted one and the decrypted one.
- When we request an image whose size is pretty big, TCP packets are fragmented and reassembled at an end host.
  I could see a flow of such a request/response like the image below, but I want to see each of the TCP request/response packets for this flow.
  I want to see this flow more specifically, in units of packets in/out, like the left result (from Wireshark) in the image below.
  The goal is that I want to find the final response packet for such large files.
  How could I do it in mitmproxy? (The solution might include modifying the original source code.)
Thanks