Unencrypted traffic between clients and proxy within LAN #5229
Replies: 2 comments 3 replies
-
You're looking for something like sslstrip (https://security.stackexchange.com/questions/41988/how-does-sslstrip-work). We do have an example addon that achieves something similar: https://github.com/mitmproxy/mitmproxy/blob/main/examples/contrib/sslstrip.py. That being said, I don't think you will meaningfully improve performance with this. |
Beta Was this translation helpful? Give feedback.
-
Thanks for the reply! I'll take a look. Btw, I'm curious what the reason is for not improving the performance a lot? I was thinking I'll be saving half of the work by only decrypting and then not bothering with encrypting the traffic again (CPU consumption is my major concern). Could you please elaborate on this one? Or is there any guidance on performance tuning aspect? Thanks a lot! |
Beta Was this translation helpful? Give feedback.
-
Hi community,
Thanks for the wonderful mitmproxy tool it works really great and I love it so much!
I'm just wondering if it's possible for clients to communicate with the mitmproxy server unencrypted (vice versa) within private network (say home network). The flow would be: client requests an HTTPS page e.g. https://google.ca -> proxy talks to Google's server securely -> proxy decrypts the response -> all traffic between clients and proxy server are now plain unencrypted http traffic. Since it's within the home network, there is no safety concern I think (I would accept the risk if there actually is).
The motivation after this is performance. I would like to save some computation work by not encrypting the response again before sending back to the client. This will benefit old computers with less powerful resource too, which is my case here.
I'm not sure if this is supported or not. I don't know either how to set it up if mitmproxy does have this feature. Does anyone know?
Thanks in advance!
Beta Was this translation helpful? Give feedback.
All reactions