See undecrypted flow as a unit of packet


#1

I’m currently analyzing HTTPS packets using mitmproxy (awesome tool!).

I have a couple of questions about how to use it properly.

  1. How could I see an undecrypted SSL packet body?
    I mean, if I choose to see a flow in hex form in mitmproxy, it shows us the decrypted one.
    For example, in the image below, the left result is from tcpdump executed on a rooted Android mobile, and the right image is from mitmproxy.
    I want to get the left (undecrypted) data from mitmproxy so I can match these two sets of data, the undecrypted one and the decrypted one.

  2. When we request an image whose size is pretty big, the TCP packets are fragmented and reassembled at an end host.
    I could see a flow of such a request/response like the image below, but I want to see each of the TCP request/response packets for this flow.
    I want to see this flow more specifically, as a unit of packets in/out, like the left result (from Wireshark) in the image below.
    The goal is that I want to find the final response packet for such large files.
    How could I do it in mitmproxy? (The solution might include modifying the original source code.)

Thanks :)


#2

We don’t store the encrypted traffic, so that is not possible.

Mitmproxy internally just opens a socket and reads from it - there’s no packet-level information, sorry.
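
The point in the reply above, shown as an added example (not code from this thread or from mitmproxy): a process that reads from a stream socket only sees a byte stream, so the sizes returned by `recv()` do not correspond to the sender's writes or to on-wire segments. The function name `stream_view` and the sample body are constructed for illustration, and `socket.socketpair()` is assumed here as an offline stand-in for the proxy's TCP connection.

```python
import socket
import threading


def stream_view(writes, read_size=4096):
    """Send each item of `writes` with its own write, then return what the
    reading side observes: (size of each recv() result, reassembled bytes)."""
    # Assumption: a local stream socket pair stands in for a TCP connection.
    # Both are SOCK_STREAM, so the reader gets an unframed byte stream.
    writer, reader = socket.socketpair()

    def produce():
        with writer:                      # closing the writer signals EOF
            for chunk in writes:
                writer.sendall(chunk)     # one write per simulated segment

    t = threading.Thread(target=produce)
    t.start()
    recv_sizes, data = [], bytearray()
    with reader:
        while True:
            buf = reader.recv(read_size)
            if not buf:                   # EOF: the only "end" the reader sees
                break
            recv_sizes.append(len(buf))
            data += buf
    t.join()
    return recv_sizes, bytes(data)


if __name__ == "__main__":
    # Constructed sample: a ~100 kB "response body" written in 1460-byte
    # pieces, roughly the payload of a full-size Ethernet TCP segment.
    body = bytes(range(256)) * 400
    writes = [body[i:i + 1460] for i in range(0, len(body), 1460)]
    sizes, seen = stream_view(writes)
    print(f"{len(writes)} writes on the sending side")
    print(f"{len(sizes)} recv() results on the reading side, first sizes {sizes[:5]}")
    print("payload identical:", seen == body)
```

The payload always arrives intact, but the count and sizes of the reads vary from run to run, so per-packet views such as the last packet of a large response have to come from a capture tool like tcpdump or Wireshark.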