I'm currently analyzing HTTPS packets using mitmproxy (awesome tool!).
I have a couple of questions about how to use it properly.
How can I see an undecrypted SSL packet body? I mean, if I choose to view a flow as hex in mitmproxy, it shows the decrypted one. For example, in the image below, the left result is from tcpdump executed on a rooted Android phone, and the right image is from mitmproxy. I want to get the left (undecrypted) data from mitmproxy so that I can match the two, the undecrypted data and the decrypted data.
When we request an image whose size is pretty big, the TCP packets are fragmented and reassembled at the end host. I can see the flow of such a request/response, like in the image below, but I want to see each TCP request/response packet for this flow. I want to see this flow in more detail, as individual packets in/out, like the left result (from Wireshark) in the image below. The goal is to find the final response packet for such large files. How could I do this in mitmproxy? (The solution might include modifying the original source code.)
We don't store the encrypted traffic, so that is not possible.
Mitmproxy internally just opens a socket and reads from it - there's no packet-level information, sorry.
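What "opens a socket and reads from it" implies for packet boundaries, as an added example that is not part of the original thread and is not mitmproxy's code: a loopback TCP sender makes several separate writes, and a reader that only calls `recv()` records the sizes it gets back. The function name `stream_demo`, the loopback endpoint and the chunk sizes are constructed for this illustration.

```python
import socket
import threading

def stream_demo(send_sizes, recv_buf=65536):
    """Write len(send_sizes) separate chunks over loopback TCP and return
    (sent, received, recv_sizes) as seen by a reader that only calls recv()."""
    chunks = [bytes([i % 256]) * n for i, n in enumerate(send_sizes)]
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # constructed endpoint: loopback, ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]

    def sender():
        with socket.create_connection(("127.0.0.1", port)) as s:
            # Disable Nagle so each sendall() is pushed out on its own.
            s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
            for chunk in chunks:
                s.sendall(chunk)

    t = threading.Thread(target=sender)
    t.start()
    conn, _ = listener.accept()
    # Wait for the sender to finish. The total is kept small enough to fit
    # in the socket buffers, so the writes complete without a reader.
    t.join()
    received, recv_sizes = b"", []
    with conn:
        while True:
            data = conn.recv(recv_buf)
            if not data:  # peer closed: end of the byte stream
                break
            received += data
            recv_sizes.append(len(data))
    listener.close()
    return b"".join(chunks), received, recv_sizes

if __name__ == "__main__":
    sizes = [100, 250, 7, 1400, 3]  # constructed write sizes
    sent, received, recv_sizes = stream_demo(sizes)
    print("write sizes:", sizes)
    print("recv sizes: ", recv_sizes)
    print("bytes identical:", sent == received)
```

The reader gets the same bytes in order, but the sizes returned by `recv()` are whatever the kernel had buffered, not the sender's writes or the segments on the wire; the per-packet view in the question's tcpdump and Wireshark captures exists only below this layer.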