diff options
Diffstat (limited to 'doc-src')
| -rw-r--r-- | doc-src/_nav.html | 10 | ||||
| -rw-r--r-- | doc-src/certinstall/android-settingssecurityinstallca.png | bin | 57723 -> 0 bytes | |||
| -rw-r--r-- | doc-src/certinstall/android-settingssecuritymenu.png | bin | 75679 -> 0 bytes | |||
| -rw-r--r-- | doc-src/certinstall/android-settingssecurityuserinstalledca.png | bin | 47263 -> 0 bytes | |||
| -rw-r--r-- | doc-src/certinstall/android-shellwgetmitmproxyca.png | bin | 22198 -> 0 bytes | |||
| -rw-r--r-- | doc-src/certinstall/android.html | 53 | ||||
| -rw-r--r-- | doc-src/certinstall/firefox.html | 31 | ||||
| -rw-r--r-- | doc-src/certinstall/index.py | 9 | ||||
| -rw-r--r-- | doc-src/certinstall/ios-simulator.html | 23 | ||||
| -rw-r--r-- | doc-src/certinstall/ios.html | 27 | ||||
| -rw-r--r-- | doc-src/certinstall/java.html | 13 | ||||
| -rw-r--r-- | doc-src/certinstall/osx.html | 16 | ||||
| -rw-r--r-- | doc-src/certinstall/webapp.html | 13 | ||||
| -rw-r--r-- | doc-src/certinstall/windows7.html | 35 | ||||
| -rw-r--r-- | doc-src/index.py | 1 | ||||
| -rw-r--r-- | doc-src/ssl.html | 99 | ||||
| -rw-r--r-- | doc-src/tutorials/gamecenter.html | 5 |
17 files changed, 4 insertions, 331 deletions
diff --git a/doc-src/_nav.html b/doc-src/_nav.html index 69175c0c..3efff40b 100644 --- a/doc-src/_nav.html +++ b/doc-src/_nav.html @@ -29,15 +29,7 @@ <li class="nav-header">Installing Certificates</li> - $!nav("ssl.html", this, state)!$ - $!nav("certinstall/webapp.html", this, state)!$ - $!nav("certinstall/android.html", this, state)!$ - $!nav("certinstall/firefox.html", this, state)!$ - $!nav("certinstall/ios.html", this, state)!$ - $!nav("certinstall/ios-simulator.html", this, state)!$ - $!nav("certinstall/java.html", this, state)!$ - $!nav("certinstall/osx.html", this, state)!$ - $!nav("certinstall/windows7.html", this, state)!$ + $!nav("certinstall/ssl.html", this, state)!$ <li class="nav-header">Transparent Proxying</li> $!nav("transparent.html", this, state)!$ diff --git a/doc-src/certinstall/android-settingssecurityinstallca.png b/doc-src/certinstall/android-settingssecurityinstallca.png Binary files differdeleted file mode 100644 index f0f97273..00000000 --- a/doc-src/certinstall/android-settingssecurityinstallca.png +++ /dev/null diff --git a/doc-src/certinstall/android-settingssecuritymenu.png b/doc-src/certinstall/android-settingssecuritymenu.png Binary files differdeleted file mode 100644 index fea412fe..00000000 --- a/doc-src/certinstall/android-settingssecuritymenu.png +++ /dev/null diff --git a/doc-src/certinstall/android-settingssecurityuserinstalledca.png b/doc-src/certinstall/android-settingssecurityuserinstalledca.png Binary files differdeleted file mode 100644 index 1f7717ad..00000000 --- a/doc-src/certinstall/android-settingssecurityuserinstalledca.png +++ /dev/null diff --git a/doc-src/certinstall/android-shellwgetmitmproxyca.png b/doc-src/certinstall/android-shellwgetmitmproxyca.png Binary files differdeleted file mode 100644 index 4a4e326f..00000000 --- a/doc-src/certinstall/android-shellwgetmitmproxyca.png +++ /dev/null diff --git a/doc-src/certinstall/android.html b/doc-src/certinstall/android.html deleted file mode 100644 index 73fc4d8b..00000000 --- a/doc-src/certinstall/android.html +++ /dev/null @@ -1,53 +0,0 @@ -The proxy situation on Android is [an -embarrasment](http://code.google.com/p/android/issues/detail?id=1273). It's -scarcely credible, but Android didn't have a global proxy setting at all until -quite recently, and it's still not supported on many common Android versions. -In the meantime the app ecosystem has grown used to life without this basic -necessity, and many apps merrily ignore it even if it's there. This situation -is improving, but in many circumstances using [transparent -mode](@!urlTo("transparent.html")!@) is mandatory for testing Android apps. - -We used both an Asus Transformer Prime TF201 (Android 4.0.3) and a Nexus 4 -(Android 4.4.4) in the examples below - your device may differ, but the broad -process should be similar. On **emulated devices**, there are some [additional -quirks](https://github.com/mitmproxy/mitmproxy/issues/204#issuecomment-32837093) -to consider. - - -## Getting the certificate onto the device - -The easiest way to get the certificate to the device is to use [the web -app](@!urlTo("webapp.html")!@). In the rare cases where the web app doesn't -work, you will need to get the __mitmproxy-ca-cert.cer__ file into the -__/sdcard__ folder on the device (/sdcard/Download on older devices). This can -be accomplished in a number of ways: - -- If you have the Android Developer Tools installed, you can use [__adb -push__](http://developer.android.com/tools/help/adb.html). -- Using a file transfer program like wget (installed on the Android device) to -copy the file over. -- Transfer the file using external media like an SD Card. - -Once we have the certificate on the local disk, we need to import it into the -list of trusted CAs. Go to Settings -> Security -> Credential Storage, -and select "Install from storage": - -<img src="android-settingssecuritymenu.png"/> - -The certificate in /sdcard is automatically located and offered for -installation. Installing the cert will delete the download file from the local -disk. - - -## Installing the certificate - -You should now see something like this (you may have to explicitly name the -certificate): - -<img src="android-settingssecurityinstallca.png"/> - -Click OK, and you should then see the certificate listed in the Trusted -Credentials store: - -<img src="android-settingssecurityuserinstalledca.png"/> - diff --git a/doc-src/certinstall/firefox.html b/doc-src/certinstall/firefox.html deleted file mode 100644 index bb9ba05b..00000000 --- a/doc-src/certinstall/firefox.html +++ /dev/null @@ -1,31 +0,0 @@ -## Get the certificate to the browser - -The easiest way to get the certificate to the browser is to use [the web -app](@!urlTo("webapp.html")!@). If this fails, do the following: - - -<ol class="tlist"> - <li> If needed, copy the ~/.mitmproxy/mitmproxy-ca-cert.pem file to the target. </li> - - <li>Open preferences, click on "Advanced", then select"Certificates": - <img src="@!urlTo('firefox3.jpg')!@"/> - </li> - - <li> Click "View Certificates", "Import", and select the certificate file: - <img src="@!urlTo('firefox3-import.jpg')!@"/> - </li> - -</ol> - - -## Installing the certificate - -<ol class="tlist"> - <li>Tick "Trust this CA to identify web sites", and click "Ok": - <img src="@!urlTo('firefox3-trust.jpg')!@"/> - </li> - - <li> You should now see the mitmproxy certificate listed in the Authorities - tab.</li> -</ol> - diff --git a/doc-src/certinstall/index.py b/doc-src/certinstall/index.py index d6b1e417..67e6185b 100644 --- a/doc-src/certinstall/index.py +++ b/doc-src/certinstall/index.py @@ -1,13 +1,6 @@ from countershape import Page pages = [ - Page("webapp.html", "Using the Web App"), - Page("firefox.html", "Firefox"), - Page("osx.html", "OSX"), - Page("windows7.html", "Windows 7"), - Page("ios.html", "IOS"), - Page("ios-simulator.html", "IOS Simulator"), - Page("android.html", "Android"), - Page("java.html", "Java"), + Page("ssl.html", "SSL Options"), Page("mitm.it-error.html", "Error: No proxy configured"), ] diff --git a/doc-src/certinstall/ios-simulator.html b/doc-src/certinstall/ios-simulator.html deleted file mode 100644 index 9eb98108..00000000 --- a/doc-src/certinstall/ios-simulator.html +++ /dev/null @@ -1,23 +0,0 @@ - -How to install the __mitmproxy__ certificate authority in the IOS simulator: - -<ol class="tlist"> - - <li> First, check out the <a - href="https://github.com/ADVTOOLS/ADVTrustStore">ADVTrustStore</a> tool - from github.</li> - - <li> Now, run the following command: - - <pre class="terminal">./iosCertTrustManager.py -a ~/.mitmproxy/mitmproxy-ca-cert.pem</pre> - - </li> - -</ol> - - -Note that although the IOS simulator has its own certificate store, it shares -the proxy settings of the host operating system. You will therefore to have -configure your OSX host's proxy settings to use the mitmproxy instance you want -to test with. - diff --git a/doc-src/certinstall/ios.html b/doc-src/certinstall/ios.html deleted file mode 100644 index c12d65f6..00000000 --- a/doc-src/certinstall/ios.html +++ /dev/null @@ -1,27 +0,0 @@ - -## Getting the certificate onto the device - -The easiest way to get the certificate to the device is to use [the web -app](@!urlTo("webapp.html")!@). In the rare cases where the web app doesn't -work, you will need to get the __mitmproxy-ca-cert.pem__ file to the device to -install it. The easiest way to accomplish this is to set up the Mail app on the -device, and to email it over as an attachment. Open the email, tap on the -attachment, then proceed with the install. - - -## Installing the certificate - -<ol class="tlist"> - <li>You will be prompted to install a profile. Click "Install": - - <img src="@!urlTo('ios-profile.png')!@"/></li> - - <li>Accept the warning by clicking "Install" again: - - <img src="@!urlTo('ios-warning.png')!@"/></li> - - <li>The certificate should now be trusted: - - <img src="@!urlTo('ios-installed.png')!@"/></li> - -</ol> diff --git a/doc-src/certinstall/java.html b/doc-src/certinstall/java.html deleted file mode 100644 index f6420991..00000000 --- a/doc-src/certinstall/java.html +++ /dev/null @@ -1,13 +0,0 @@ - -You can add the mitmproxy certificates to the Java trust store using -[keytool](http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html). -On OSX, the required command looks like this: - -<pre class="terminal"> -sudo keytool -importcert -alias mitmproxy -storepass "password" \ --keystore /System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts \ --trustcacerts -file ~/.mitmproxy/mitmproxy-ca-cert.pem -</pre> - -Note that your store password will (hopefully) be different from the one above. - diff --git a/doc-src/certinstall/osx.html b/doc-src/certinstall/osx.html deleted file mode 100644 index a532d538..00000000 --- a/doc-src/certinstall/osx.html +++ /dev/null @@ -1,16 +0,0 @@ - -How to install the __mitmproxy__ certificate authority in OSX: - -<ol class="tlist"> - - <li>Open Finder, and double-click on the mitmproxy-ca-cert.pem file.</li> - - <li>You will be prompted to add the certificate. Click "Always Trust": - - <img src="@!urlTo('osx-addcert-alwaystrust.png')!@"/> - </li> - - <li> You may be prompted for your password. You should now see the - mitmproxy cert listed under "Certificates".</li> -</ol> - diff --git a/doc-src/certinstall/webapp.html b/doc-src/certinstall/webapp.html deleted file mode 100644 index 478da96c..00000000 --- a/doc-src/certinstall/webapp.html +++ /dev/null @@ -1,13 +0,0 @@ - -By far the easiest way to install the mitmproxy certs is to use the built-in -web app. To do this, start mitmproxy and configure your target device with the -correct proxy settings. Now start a browser on the device, and visit the magic -domain **mitm.it**. You should see something like this: - -<img src="@!urlTo("webapp.png")!@"></img> - -Just click on the relevant icon, and then follow the setup instructions -for the platform you're on. - -Make sure you aren't using a bandwith optimizer (like Google's Data Compression -Proxy on Chrome for Android) or the page will not load. diff --git a/doc-src/certinstall/windows7.html b/doc-src/certinstall/windows7.html deleted file mode 100644 index 7a4cc3d2..00000000 --- a/doc-src/certinstall/windows7.html +++ /dev/null @@ -1,35 +0,0 @@ - -How to install the __mitmproxy__ certificate authority in Windows 7: - -<ol class="tlist"> - - <li> The easiest way to get the certificate to the device is to use <a - href="@!urlTo("webapp.html")!@">the web app</a>. If this fails for some - reason, simply copy the ~/.mitmproxy/mitmproxy-ca-cert.p12 file to the - target system and double-click it. </li> - - <li> - You should see a certificate import wizard: - - <img src="@!urlTo('win7-wizard.png')!@"/> - </li> - - <li> - Click "Next" until you're prompted for the certificate store: - - <img src="@!urlTo('win7-certstore.png')!@"/> - - </li> - - - <li> - <p>Select "Place all certificates in the following store", and select "Trusted Root Certification Authorities":</p> - - <img src="@!urlTo('win7-certstore-trustedroot.png')!@"/> - - </li> - - <li> Click "Next" and "Finish". </li> - -</ol> - diff --git a/doc-src/index.py b/doc-src/index.py index 753f90a5..1c1203f8 100644 --- a/doc-src/index.py +++ b/doc-src/index.py @@ -67,7 +67,6 @@ pages = [ Page("mitmdump.html", "mitmdump"), Page("config.html", "configuration"), - Page("ssl.html", "Overview"), Directory("certinstall"), Directory("scripting"), Directory("tutorials"), diff --git a/doc-src/ssl.html b/doc-src/ssl.html deleted file mode 100644 index de45bd29..00000000 --- a/doc-src/ssl.html +++ /dev/null @@ -1,99 +0,0 @@ - -The first time __mitmproxy__ or __mitmdump__ is run, a set of certificate files -for the mitmproxy Certificate Authority are created in the config directory -(~/.mitmproxy by default). This CA is used for on-the-fly generation of dummy -certificates for SSL interception. Since your browser won't trust the -__mitmproxy__ CA out of the box (and rightly so), you will see an SSL cert -warning every time you visit a new SSL domain through __mitmproxy__. When -you're testing a single site through a browser, just accepting the bogus SSL -cert manually is not too much trouble, but there are a many circumstances where -you will want to configure your testing system or browser to trust the -__mitmproxy__ CA as a signing root authority. - - -CA and cert files ------------------ - -The files created by mitmproxy in the .mitmproxy directory are as follows: - -<table class="table"> - <tr> - <td class="nowrap">mitmproxy-ca.pem</td> - <td>The private key and certificate in PEM format.</td> - </tr> - <tr> - <td class="nowrap">mitmproxy-ca-cert.pem</td> - <td>The certificate in PEM format. Use this to distribute to most - non-Windows platforms.</td> - </tr> - <tr> - <td class="nowrap">mitmproxy-ca-cert.p12</td> - <td>The certificate in PKCS12 format. For use on Windows.</td> - </tr> - <tr> - <td class="nowrap">mitmproxy-ca-cert.cer</td> - <td>Same file as .pem, but with an extension expected by some Android - devices.</td> - </tr> -</table> - - -Using a custom certificate --------------------------- - -You can use your own certificate by passing the <kbd>--cert</kbd> option to mitmproxy. mitmproxy then uses the provided -certificate for interception of the specified domains instead of generating a cert signed by its own CA. - -The certificate file is expected to be in the PEM format. -You can include intermediary certificates right below your leaf certificate, so that you PEM file roughly looks like -this: - -<pre> ------BEGIN PRIVATE KEY----- -<private key> ------END PRIVATE KEY----- ------BEGIN CERTIFICATE----- -<cert> ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -<intermediary cert (optional)> ------END CERTIFICATE----- -</pre> - -For example, you can generate a certificate in this format using these instructions: - -<pre class="terminal"> -> openssl genrsa -out cert.key 8192 -> openssl req -new -x509 -key cert.key -out cert.crt - (Specify the mitm domain as Common Name, e.g. *.google.com) -> cat cert.key cert.crt > cert.pem -> mitmproxy --cert=cert.pem -</pre> - -Using a client side certificate ------------------------------------- -You can use a client certificate by passing the <kbd>--client-certs DIRECTORY</kbd> option to mitmproxy. -If you visit example.org, mitmproxy looks for a file named example.org.pem in the specified directory -and uses this as the client cert. The certificate file needs to be in the PEM format and should contain -both the unencrypted private key as well as the certificate. - - -Using a custom certificate authority ------------------------------------- - -By default, mitmproxy will (generate and) use <samp>~/.mitmproxy/mitmproxy-ca.pem</samp> as the default certificate -authority to generate certificates for all domains for which no custom certificate is provided (see above). -You can use your own certificate authority by passing the <kbd>--confdir</kbd> option to mitmproxy. -mitmproxy will then look for <samp>mitmproxy-ca.pem</samp> in the specified directory. If no such file exists, -it will be generated automatically. - -Installing the mitmproxy CA ---------------------------- - -* [Firefox](@!urlTo("certinstall/firefox.html")!@) -* [OSX](@!urlTo("certinstall/osx.html")!@) -* [Windows 7](@!urlTo("certinstall/windows7.html")!@) -* [iPhone/iPad](@!urlTo("certinstall/ios.html")!@) -* [IOS Simulator](@!urlTo("certinstall/ios-simulator.html")!@) -* [Android](@!urlTo("certinstall/android.html")!@) - diff --git a/doc-src/tutorials/gamecenter.html b/doc-src/tutorials/gamecenter.html index 5998f889..8d2e9bc5 100644 --- a/doc-src/tutorials/gamecenter.html +++ b/doc-src/tutorials/gamecenter.html @@ -2,9 +2,8 @@ ## The setup In this tutorial, I'm going to show you how simple it is to creatively -interfere with Apple Game Center traffic using mitmproxy. To set things up, I -registered my mitmproxy CA certificate with my iPhone - there's a [step by step -set of instructions](@!urlTo("certinstall/ios.html")!@) elsewhere in this manual. I then +interfere with Apple Game Center traffic using mitmproxy. To set things up, +you must install the [mitmproxy root certificate](@!urlTo("certinstall/ssl.html")!@). I then started mitmproxy on my desktop, and configured the iPhone to use it as a proxy. |
