Enabling HTTPS in Mitmproxy

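My earlier note, Installing Mitmproxy, mentioned that Mitmproxy runs into problems when accessing https resources. Adding --insecure or -k to curl avoids the problem, but that always felt cumbersome and inelegant, so here is a quick record of the fix.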

Environment

  1. Azure VM Standard B2s (2 vcpu, 4 GiB memory)
  2. CentOS 7.7
  3. Mitmproxy v5.1.1
  4. Python 3.6.8
  5. OpenSSL 1.1.1g 21 Apr 2020

Installation steps

  1. Convert the certificate from pem to crt

    cd ~/.mitmproxy
    openssl x509 -in mitmproxy-ca-cert.pem -inform PEM -out mitmproxy-ca-cert.crt

  2. Install the certificate

    update-ca-trust force-enable
    cp mitmproxy-ca-cert.crt /etc/pki/ca-trust/source/anchors/
    update-ca-trust extract
    
  3. Start mitmproxy

    mitmproxy
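The steps above put the proxy's CA into the system-wide trust store, so it is worth confirming exactly which certificate ended up trusted. The following is an added example, not part of the original post: the function names are hypothetical, and the sample input is a throwaway certificate generated on the spot that stands in for `~/.mitmproxy/mitmproxy-ca-cert.pem`.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check which CA ended up trusted.

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed (0) if the certificate in $1 is present in the PEM bundle $2.
bundle_contains() {
    local want tmp f found=1
    want=$(cert_fingerprint "$1")
    [ -n "$want" ] || return 2
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, skipping comment lines.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$2"
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] || continue
        if [ "$(cert_fingerprint "$f" 2>/dev/null)" = "$want" ]; then
            found=0
            break
        fi
    done
    rm -rf "$tmp"
    return "$found"
}

# Constructed sample input: a throwaway self-signed cert standing in for
# ~/.mitmproxy/mitmproxy-ca-cert.pem. Writes $1.key and $1.pem.
make_throwaway_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Demo on constructed data only; run with: bash thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_throwaway_ca "$d/ca" "constructed-proxy-ca"
    openssl x509 -in "$d/ca.pem" -inform PEM -out "$d/ca.crt"   # step 1 of the post
    cert_fingerprint "$d/ca.pem"; cert_fingerprint "$d/ca.crt"  # same value twice
    bundle_contains "$d/ca.crt" "$d/ca.pem" && echo "present in bundle"
    rm -rf "$d"
fi
```

On the host from the post, `bundle_contains ~/.mitmproxy/mitmproxy-ca-cert.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem` should succeed after step 2 (that path is the usual CentOS 7 location of the extracted bundle). Deleting the file from `/etc/pki/ca-trust/source/anchors/` and running `update-ca-trust extract` again removes the trust.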
    

Results

  1. Before the change: accessing an https site reports that the certificate is not trusted

    • Message

      [root@blogdemo ~]# curl -x localhost:8080 -L 
      curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
      More details here: http://curl.haxx.se/docs/sslcerts.html
      
      curl performs SSL certificate verification by default, using a "bundle"
       of Certificate Authority (CA) public keys (CA certs). If the default
       bundle file isn't adequate, you can specify an alternate file
       using the --cacert option.
      If this HTTPS server uses a certificate signed by a CA represented in
       the bundle, the certificate verification probably failed due to a
       problem with the certificate (it might be expired, or the name might
       not match the domain name in the URL).
      If you'd like to turn off curl's verification of the certificate, use
       the -k (or --insecure) option.
      
  2. After the change: access works directly

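Thoughts

There aren't many steps to the setup, but I couldn't find an official documentation page, and I don't understand the mechanism behind most of these steps either, so I won't comment further. If I really come to understand it someday, I'll come back and add to this.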

References

  1. mitmproxy installation guide
  2. Installing Mitmproxy