Some sites communicate over port 80 but not using HTTP. One example I see is for instance the Kapersky Mobile Antivirus. In my logs I get:
ProtocolException("HTTP protocol error in client request: Bad HTTP request line: b'PI'",)
There is no indication of the destination IP but that can be figured out with tcpdump. BTW, I’m running mitmdump in transparent mode.
It would be nice to have the option (or the built-in default) to automatically switch to pass-through in this case instead of disconnecting the client.