3

I use mitmproxy to gather intel from outbound AS2 (HTTP) requests leaving our network. The schema goes like this:

Mendelson AS2 ➡ mitmproxy ➡ partner AS2 server
                          ↘
                           redis

Where possible, I need to verify all SSL certs to make sure the business connection is safe. Some partners use lesser-known CAs, which I then add to a truststore used by the `ssl_verify_upstream_trusted_ca` option.

Some partners, though, don't really care about security, and I need to trust their certificates no matter what. How do I do that in mitmproxy? Disabling the verification entirely isn't an option.

Thank you.

Newerth
  • This issue is already being discussed on GitHub: https://github.com/mitmproxy/mitmproxy/issues/5019 – Newerth Jan 03 '22 at 15:38

1 Answer

0

It's been a while since I tried to solve this using a custom addon, and it seems to work fine, so I'll share it here:

https://gist.github.com/jsmucr/24cf0859dd7c9bba8eb2817d7b0bf4b6

This approach has a bit of a disadvantage, and that's the fact that it doesn't check if the peer certificate changes.

Newerth
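An added example, not the code from the linked gist and not part of the original answer: one way to keep CA verification on for every upstream except an explicit exception list, and to pin those exceptions to a SHA-256 fingerprint of the leaf certificate so that a changed peer certificate is rejected. It uses only the Python standard library; the host name, the `PINS` table and the certificate bytes are constructed for illustration, and wiring it into a mitmproxy addon is not shown.

```python
import hashlib
import hmac
import ssl

# Constructed placeholder bytes standing in for DER-encoded leaf certificates.
PARTNER_CERT_DER = b"constructed DER bytes: partner leaf certificate"
ROTATED_CERT_DER = b"constructed DER bytes: certificate after an unannounced change"


def sha256_fp(der):
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


# Hypothetical exception list: upstream host -> pinned leaf fingerprint.
PINS = {"as2.partner.example": sha256_fp(PARTNER_CERT_DER)}


def _norm(host):
    # Compare host names case-insensitively and without a trailing dot.
    return host.lower().rstrip(".")


def context_for(host, ca_file=None):
    """Build the TLS client context for one upstream host."""
    # Default: CERT_REQUIRED plus hostname checking against the CA bundle.
    ctx = ssl.create_default_context(cafile=ca_file)
    if _norm(host) in PINS:
        # Exempt host: chain validation is skipped, so the pin check in
        # peer_allowed() is the only authentication of this peer.
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def peer_allowed(host, leaf_der):
    """Post-handshake check; leaf_der is sock.getpeercert(binary_form=True)."""
    pin = PINS.get(_norm(host))
    if pin is None:
        return True  # the handshake already enforced CA and hostname checks
    if not leaf_der:
        return False  # exempt host presented no certificate
    return hmac.compare_digest(pin, sha256_fp(leaf_der))
```

A pin mismatch on an exempt host is worth logging and alerting on, since it means either an unannounced certificate rotation by the partner or an interception attempt.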