Hacker News new | ask | show | jobs
by monai 1805 days ago
mitmproxy is a great tool, but it lacks upstream certificate lookup and attributes transfer to a generated host certificate. For example, Charles does that. Some applications perform attribute inspection to detect MITM proxies, namely Spotify. Are you planning to implement this feature? Or maybe you already did it in version 7?
1 comments
mhils 1805 days ago
mitmproxy does lookup the upstream certificate by default, but at the moment we only transfer common name, subject alternative names and (new) organization name. The good news is that with version 7 it's very easy to add more here, I'd be more than happy to accept contributions. :)
link
monai 1805 days ago
Good news indeed! I tried to contribute 1–2 years ago and quickly realized that such a feature would require a substantial rewrite after a quick code inspection.
link
mhils 1805 days ago
If you (or anyone else reading this) is interested, please do reach out on GitHub or our dev Slack. Happy to help you get started. :)
link
prinzhorn 1804 days ago
Is this related to https://github.com/mitmproxy/mitmproxy/issues/4575 ?
link
mhils 1804 days ago
Yes, exactly!
link