Use when discussing mitmproxy software - not really suitable for the general case of discussing MITM attacks using a proxy.
mITMProxy is "a free and open source interactive https proxy) - available from mitmproxy.org
Questions tagged [mitmproxy]
11 questions
10
votes
3 answers
how to ignore HSTS on Chrome?
am running Chrome 103.0.5060.66 and intentionally MITM'ing myself with Fiddler Proxy, and it works on websites not using HSTS, but breaks on HSTS sites. How can i tell Chrome to ignore HSTS? example of a website using HSTS: https://www.century21.pt/…
hanshenrik
- 1,925
- 3
- 25
- 38
2
votes
1 answer
How can I prevent a redirect loop with iptables when running a local forward proxy?
I'm trying to forward outgoing traffic to a forward proxy called mitmproxy running on my machine. I've tried using the following two approaches (see below), one using ttl and one setting a mark. Unfortunately both of the approaches create a network…
mikeLundquist
- 151
2
votes
0 answers
how to ignore HSTS on Firefox?
am running Firefox 91.11.0esr and intentionally MITM'ing myself with Fiddler Proxy, and it works on websites not using HSTS, but breaks on HSTS sites. How can i tell firefox to ignore HSTS? googling suggest going to about:settings and…
hanshenrik
- 1,925
- 3
- 25
- 38
1
vote
1 answer
Put mitmproxy behind a reverse proxy
I have a mitmproxy instance running on port 2222. I want to put it behind a reverse proxy (like Nginx or Caddy), so I can use it as mitmproxy.tld. It seems that mitmproxy can't be accessed by anything other than 127.0.0.1 or localhost, though I'm…
1
vote
0 answers
Is there any way to ignore ALL certificate-related issues in Firefox?
I know there is a similar question, but my issue is a bit different. I am trying to implement what is basically a MITM "attack". Using quotation marks, because it's not an attack, rather, I am attempting to capture traffic while accessing a site via…
user1137025
- 11
- 1
0
votes
0 answers
How to watch a traffic for a specific app?
I would like to see what is going on when the app (win32 executable) is waiting for a response from the server.
For the web application, when you want to check the network activity, you go to Chrome Dev Tool and check the Network tab to see the…
aspirinemaga
- 261
0
votes
1 answer
Can VPN protected internet trafic be easily eavesdropped on by an attacker who knows the victims VPN login-credentials?
I am reffering to commercial VPN providers, e.g. NordVPN
How sophisticated must an attacker be?
Usal
- 21
0
votes
0 answers
Can a Google administrator lock down the ability to use a custom SSL Certificate Authority on a Chromebook?
We have a Raspberry Pi mitmproxy set up in our home to help monitor our young children's internet activities. (Yes, save the lecture, we also communicate with our kids. This is one extra safeguard in place - not a "solution".)
Recently, with the…
chaimp
- 215
0
votes
0 answers
How do I install the certificate in firefox?
So I've been trying to get this program working: mitmproxy. The program is a proxy tool to play around with HTTP and HTTPS traffic. For it to work with a browser correctly you need to configure Firefox with something call a certificate.
I've been…
aoeu
- 1
0
votes
2 answers
How to work around this `Your connection is not secure` error in Firefox when using mitmweb?
I am trying to use mitmweb as a proxy to audit some web front end performance issue.
However when I tried to connect to my work website, I got the following error:
Here is my proxy settings of Firefox:
Here is how I started mitmweb:
mitmweb -p…
Anthony Kong
- 5,318
-2
votes
1 answer
Would it be beneficial when trying to decrypt network traffic, to while sniffing on the network, if target sends known file, can this help solve dcrpt
If a known file is sent from on network computer to yourself, or to some other network computer, is there a way this can be leveraged to solve decryption?
Jay arech
- 11