Onnowpurbo: Created page with "==Using a custom server certificate== You can use your own (leaf) certificate by passing the --cert [domain=]path_to_certificate option to mitmproxy. Mitmproxy then uses the..."

2018-10-03T01:56:38Z

Created page with "==Using a custom server certificate== You can use your own (leaf) certificate by passing the --cert [domain=]path_to_certificate option to mitmproxy. Mitmproxy then uses the..."

New page

==Using a custom server certificate==

You can use your own (leaf) certificate by passing the --cert [domain=]path_to_certificate option to mitmproxy. Mitmproxy then uses the provided certificate for interception of the specified domain instead of generating a certificate signed by its own CA.

The certificate file is expected to be in the PEM format. You can include intermediary certificates right below your leaf certificate, so that your PEM file roughly looks like this:

-----BEGIN PRIVATE KEY-----
<private key>
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<cert>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediary cert (optional)>
-----END CERTIFICATE-----

For example, you can generate a certificate in this format using these instructions:

openssl genrsa -out cert.key 2048
# (Specify the mitm domain as Common Name, e.g. \*.google.com)
openssl req -new -x509 -key cert.key -out cert.crt
cat cert.key cert.crt \> cert.pem

Now, you can run mitmproxy with the generated certificate:

For all domain names

mitmproxy --cert *=cert.pem

For specific domain names

mitmproxy --cert *.example.com=cert.pem

Note: *.example.com is for all the subdomains. You can also use www.example.com for a particular subdomain.

MITM: mitmproxy generate certificate - Revision history

Onnowpurbo: Created page with "==Using a custom server certificate== You can use your own (leaf) certificate by passing the --cert [domain=]path_to_certificate option to mitmproxy. Mitmproxy then uses the..."