How can I get the MITM certificate from a flow in a script hook? #1935
Conversation
From what I can tell, the Or am I overlooking something that I can use to get the MITM cert?
Getting the mitmproxy certificate in tcp_message seems to be too late for what you are trying to do - we have already established a TLS connection then. Is this just about a few domains or shall this work generically? For the former case, I'd recommend just using
Thanks for the quick response!
Would it be easier to get in
Yes, I've used
Would you suggest something like this, setting the

@@ -259,21 +259,25 @@ def find_cert(self):
# RFC 2818: If a subjectAltName extension of type dNSName is present, that MUST be used as the identity.
# In other words, the Common Name is irrelevant then.
if host:
sans.add(host)
- return self.config.certstore.get_cert(host, list(sans))
+
+ # Save the certificate sent to the client in the server_conn
+ self.server_conn.mitmcert = self.config.certstore.get_cert(host, list(sans))
+ return self.server_conn.mitmcert |
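Review bot: self.server_conn.mitmcert is created on the fly inside find_cert, so a hook that reads it before the handshake (or on a connection where find_cert never ran) gets an AttributeError rather than None; give ServerConnection a mitmcert = None default in its constructor so scripts can test for it, which also makes the attribute part of the connection's persisted state as @mhils suggests. Since the value is, per the added comment, the certificate sent to the client, client_conn would be a more natural home for it than server_conn.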
If I understand you correctly, you want to modify the certificate that is shown to the client during the handshake, right? Any of the
Aha, I should be clearer in my goal. I don't actually need to modify the certificate that is shown to the client; I'm quite happy having mitmproxy generate certs on-the-fly, as long as I can lie about them self-consistently within each client session :-P I just need to be able to access the MITM certificate used for the ongoing connection, so that I can generate its digest, and feed it to the client in the application-layer response.
Great, I'll take a crack at it!
In my experience analyzing VPNs, peers often exchange certificates or digests at the application layer. It's often useful to know what MITM certificate we're sending to the client, so that we can inject it at the app layer as well.
@dlenski wrote:
> @mhils wrote:
> > I'm wondering if there is a general use-case here that warrants adding this to the ServerConnection properly so that it does get persisted.
>
> In my experience reverse engineering VPNs, peers often exchange certificates or digests at the application layer. It's often useful to know what MITM certificate we're sending to the client, so that we can inject it at the app layer as well.
I'm using mitmdump 1.0.2 to intercept a TLS connection and log and modify it with TCP hooks (--tcp foo.host.com -s script.py). I need to find and replace the hex/ASCII digest of the upstream server certificate with the digest of mitmproxy's generated certificate—because the client expects to receive and check the certificate hash at the application level.

I can easily get the real/upstream server certificate from flow.server_conn.cert. But how can I get the generated/MITM cert sent to the client in the TCP hooks?
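What the issue asks for, written out as an added example (this is not code from the issue or from mitmproxy): a mitmdump script whose tcp_message hook swaps the upstream certificate's digest for the generated certificate's digest in the server's reply. It assumes the certificate objects expose to_pem() and that the MITM cert is reachable under the mitmcert attribute proposed in this thread; the digest math uses only the standard library, so the rewrite can be exercised offline against the constructed placeholder certificates and the constructed payload in demo().

```python
import base64
import hashlib
import re

def pem_to_der(pem: bytes) -> bytes:
    """Strip the PEM armour; certificate digests are computed over the DER bytes."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    return base64.b64decode(b"".join(m.group(1).split()))

def cert_digest_hex(pem: bytes, algo: str = "sha256") -> str:
    return hashlib.new(algo, pem_to_der(pem)).hexdigest()

def colon_hex(h: str) -> str:
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def rewrite_digest(payload: bytes, upstream_pem: bytes, mitm_pem: bytes, algo: str = "sha256"):
    """Swap every textual copy of the upstream digest for the MITM digest, keeping the style it was
    found in (plain hex of either case, or colon-separated). Equal lengths keep any length fields
    in the payload valid. Returns (new_payload, number_of_replacements)."""
    old, new = cert_digest_hex(upstream_pem, algo), cert_digest_hex(mitm_pem, algo)
    count = 0
    for fmt in (str.lower, str.upper, colon_hex, lambda h: colon_hex(h).upper()):
        o, n = fmt(old).encode(), fmt(new).encode()
        count += payload.count(o)
        payload = payload.replace(o, n)
    return payload, count

def tcp_message(flow):
    """Hook for `mitmdump --tcp foo.host.com -s script.py` (the invocation from the issue)."""
    msg = flow.messages[-1]
    # `flow.server_conn.cert` is from the issue; `mitmcert` is the attribute the thread proposes
    # (later mitmproxy releases expose it as `flow.client_conn.mitmcert`).
    mitm = getattr(flow.server_conn, "mitmcert", None) or getattr(flow.client_conn, "mitmcert", None)
    if msg.from_client or mitm is None or flow.server_conn.cert is None:
        return  # assumption: only the server's reply carries the certificate digest
    msg.content, _ = rewrite_digest(msg.content, flow.server_conn.cert.to_pem(), mitm.to_pem())

def _fake_pem(der: bytes) -> bytes:
    """Constructed stand-in (not a real X.509 certificate) so the rewrite can run offline."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"\n-----END CERTIFICATE-----\n"

UPSTREAM_PEM = _fake_pem(b"constructed placeholder: upstream server certificate")
MITM_PEM = _fake_pem(b"constructed placeholder: mitmproxy-generated certificate")

def demo():
    # constructed server reply carrying the upstream digest twice, in two different styles
    old = cert_digest_hex(UPSTREAM_PEM)
    payload = b"CERT-SHA256: %s\r\nFingerprint=%s\r\n" % (old.encode(), colon_hex(old).upper().encode())
    return rewrite_digest(payload, UPSTREAM_PEM, MITM_PEM)
```

Because the digest is recomputed from whatever certificate the proxy actually presented, the rewritten value stays consistent within each client session even though certs are generated on the fly.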