Mitmproxy 啟用 Https

之前筆記 安裝 Mitmproxy 提到 Mitmproxy 在存取 https 資源時會出現問題,雖然在 curl 使用時加上 --insecure 或是 -k 就可以避免問題,但是總覺得麻煩也不夠漂亮,所以順手紀錄解決方式囉


  1. Azure VM 標準 B2s (2 vcpu,4 GiB 記憶體)
  2. CentOS 7.7
  3. Mitmproxy v5.1.1
  4. Python 3.6.8
  5. OpenSSL 1.1.1g 21 Apr 2020


  1. 憑證 pem 轉為 crt

    cd ~/.mitmproxy openssl x509 -in mitmproxy-ca-cert.pem -inform PEM -out mitmproxy-ca-cert.crt

  2. 安裝憑證

    update-ca-trust force-enable
    cp mitmproxy-ca-cert.crt /etc/pki/ca-trust/source/anchors/
    update-ca-trust extract
  3. 啟動 mitmproxy



  1. 修改前:存取 https 網站有提示憑證未信任

    • 提示訊息

      [root@blogdemo ~]# curl -x localhost:8080 -L 
      curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
      More details here:
      curl performs SSL certificate verification by default, using a "bundle"
       of Certificate Authority (CA) public keys (CA certs). If the default
       bundle file isn't adequate, you can specify an alternate file
       using the --cacert option.
      If this HTTPS server uses a certificate signed by a CA represented in
       the bundle, the certificate verification probably failed due to a
       problem with the certificate (it might be expired, or the name might
       not match the domain name in the URL).
      If you'd like to turn off curl's verification of the certificate, use
       the -k (or --insecure) option.
    • 異常截圖


  2. 修改後:直接正確存取





  1. mitmproxy 安装指南
  2. 安裝 Mitmproxy