MITM: mitmproxy generate certificate

From OnnoWiki

Using a custom server certificate

You can use your own (leaf) certificate by passing the --cert [domain=]path_to_certificate option to mitmproxy. Mitmproxy then uses the provided certificate for interception of the specified domain instead of generating a certificate signed by its own CA.

The certificate file is expected to be in the PEM format. You can include intermediary certificates right below your leaf certificate, so that your PEM file roughly looks like this:

-----BEGIN PRIVATE KEY-----
<private key>
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<cert>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediary cert (optional)>
-----END CERTIFICATE-----

For example, you can generate a certificate in this format using these instructions:

openssl genrsa -out cert.key 2048
# (Specify the mitm domain as Common Name, e.g. *.google.com)
openssl req -new -x509 -key cert.key -out cert.crt
cat cert.key cert.crt > cert.pem

Now, you can run mitmproxy with the generated certificate:

For all domain names

mitmproxy --cert '*=cert.pem'

For specific domain names

mitmproxy --cert '*.example.com=cert.pem'

Note: *.example.com covers all the subdomains of example.com. You can also use www.example.com to match one particular subdomain.
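
A non-interactive variant of the generation steps above, added here as an example (it is not part of the original wiki page or of the mitmproxy documentation). It also sets a subjectAltName, which current TLS clients check instead of the Common Name, and verifies that the key and certificate in the bundle belong together. The function names, the 30-day validity and the use of example.com are assumptions; -addext and -ext need OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: build and sanity-check a PEM bundle for mitmproxy --cert.
# Function names and parameters are hypothetical, chosen for illustration.

make_mitm_pem() {
    domain=$1          # e.g. '*.example.com'
    out=$2             # bundle path, e.g. cert.pem
    dir=$(mktemp -d) || return 1

    # Private key plus self-signed leaf. -subj replaces the interactive
    # prompt; -addext adds the subjectAltName that clients match against.
    openssl genrsa -out "$dir/cert.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$dir/cert.key" -out "$dir/cert.crt" \
        -days 30 -subj "/CN=$domain" \
        -addext "subjectAltName=DNS:$domain" 2>/dev/null ||
        { rm -rf "$dir"; return 1; }

    # Key first, then leaf: the layout shown earlier on this page.
    # umask 077 keeps the bundle (it contains the private key) owner-only.
    ( umask 077; cat "$dir/cert.key" "$dir/cert.crt" > "$out" )
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Succeeds only if the private key and the first certificate in the
# bundle carry the same public key.
pem_key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Prints the subjectAltName entries of the leaf certificate.
pem_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null
}
```

Typical use: make_mitm_pem '*.example.com' cert.pem && pem_key_matches_cert cert.pem, then pass the file to mitmproxy with --cert as shown above.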