Transparent proxy logging certificate pinned application traffic?


#1

How can you show all (including certificate pinned SSL) requests in the mitmdump console?

mitmdump runs as a transparent proxy in the setup and I’d like to see all client-side requests (at least when and to whom they were made) in order to see where the proxy has failed to decrypt the requests coming from the mobile device. The standard transparent setup seems to exclude such requests from the console. To be clear, there is no need to capture the full request or alter the flow, but to understand which applications are making requests that cannot be read by mitmdump, and when.

For example, a browser request to any google.com would not show, nor would app store traffic (searches or downloads), nor some applications (such as Facebook, Gmail etc).


#3

I believe what you are asking is how do you see the traffic over an HTTPS connection.

To see the traffic you have to install the mitmproxy certificate as a root certificate on the client, in your case the mobile device. After the client trusts the certificate, then mitmdump will be able to see the traffic.

Installing the mitmproxy certificate on the client will not open up traffic that uses certificate pinning. To do this you typically gain root access to the client and disable the system's default SSL certificate validation. Doing this disables all network security on the device, so I would not recommend doing it.

Good luck.
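
For the original question (seeing when and to whom the unreadable requests were made, without decrypting them), here is an added example that is not part of the thread: a mitmproxy addon that records every client TLS handshake the proxy could not complete. It assumes a mitmproxy release that provides the `tls_failed_client` and `tls_established_client` addon hooks; the class name, the `constructed_event` helper and the sample addresses are made up for illustration. A failed handshake means the client rejected the proxy's certificate, which covers pinning but also a client that simply does not trust the mitmproxy CA.

```python
import logging
import time
from collections import Counter
from types import SimpleNamespace


class TlsFailureLog:
    """Records which client TLS handshakes mitmproxy could and could not complete."""

    def __init__(self):
        self.events = []           # one dict per handshake outcome
        self.outcomes = Counter()  # (host, outcome) -> count

    def _record(self, data, outcome):
        server_addr = data.context.server.address
        # Prefer the SNI the client sent; fall back to the destination IP.
        host = data.conn.sni or (server_addr[0] if server_addr else "unknown")
        peer = data.context.client.peername
        event = {
            "time": time.strftime("%Y-%m-%d %H:%M:%S"),
            "client": peer[0] if peer else "unknown",
            "host": host,
            "outcome": outcome,
        }
        self.events.append(event)
        self.outcomes[(host, outcome)] += 1
        return event

    def tls_failed_client(self, data):
        # Client rejected the proxy's certificate: pinning or an untrusted CA.
        e = self._record(data, "failed")
        logging.warning("TLS not intercepted: %(time)s %(client)s -> %(host)s", e)

    def tls_established_client(self, data):
        self._record(data, "intercepted")

    def unreadable_hosts(self):
        """Hosts whose handshakes failed and never succeeded."""
        ok = {h for (h, o) in self.outcomes if o == "intercepted"}
        return sorted({h for (h, o) in self.outcomes if o == "failed"} - ok)


def constructed_event(sni, client_ip, server_ip):
    """Constructed stand-in for mitmproxy's TlsData, for offline testing."""
    return SimpleNamespace(
        conn=SimpleNamespace(sni=sni),
        context=SimpleNamespace(
            client=SimpleNamespace(peername=(client_ip, 50000)),
            server=SimpleNamespace(address=(server_ip, 443)),
        ),
    )


addons = [TlsFailureLog()]  # mitmdump picks the addon up from this list
```

Saved under a name of your choice (for example `tls_failure_log.py`), it is loaded with `mitmdump --mode transparent -s tls_failure_log.py`, and each failed handshake then appears in the console with its time, client address and destination host.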