Comments (4)
mhils
commented on June 14, 2024
Which docker image are you using? If you are using "latest" (soon-to-be
3.0), `--set ssl_insecure` is the correct way. That's not really documented
yet as 3.0 is not out. If you are using <3.0, --insecure should work.
…On Tue, 26 Dec 2017, 01:05 Alexander Veit, ***@***.***> wrote:
When connecting to a site with a self-signed certificate mitmproxy issues
a 502 Bad Gateway error. The connection cannot be established.
A web search suggested parameters and configuration options like
--verify-upstream-cert, --insecure, and ssl_insecure, as well as a
config.yaml. But none of them seem to be documented in a way such that it
could be used with the docker image.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#21>, or mute the
thread
<https://github.com/notifications/unsubscribe-auth/AA-NPtVrbLxASR5q3TRqppEEhF2_uZb7ks5tEDhFgaJpZM4RMa1->
.
from docker-releases.
veita
commented on June 14, 2024
I'm using the latest image (id 52c914698058). I've tried
docker run --rm -it \
-v /home/mitmproxy/.mitmproxy:/home/mitmproxy/.mitmproxy \
-p 8888:8080 \
mitmproxy/mitmproxy --set ssl_insecure
and
docker run --rm -it \
-v /home/mitmproxy/.mitmproxy:/home/mitmproxy/.mitmproxy \
-p 8888:8080 \
mitmproxy/mitmproxy --insecure
but only get error /usr/local/bin/docker-entrypoint.sh: exec: line 13: --set: not found and /usr/local/bin/docker-entrypoint.sh: exec: line 13: --insecure: not found respectively.
BTW, what is the rationale behind verifying upstream certificates by default? For all use cases I could imagine not verifying by default would be the better choice. Especially for software testing and debugging in corporate networks where you normally have self-signed certificates, the current behaviour makes using the tool more difficult than it probably should be.
from docker-releases.
mhils
commented on June 14, 2024
You want ... mitmproxy/mitmproxy mitmproxy --set ssl_insecure - the --set part overrides the default mitmproxy command. If youj think it'd be useful, I'd be happy to merge a PR that prepends "mitmproxy" if the command starts with a dash for cases like this.
BTW, what is the rationale behind verifying upstream certificates by default?
The rationale is that we want to be secure-by-default. It is a reasonable assumption that TLS certificates are verified, so we do not want anyone to have a bad surprise even if that is a bit annoying in many cases.
from docker-releases.
veita
commented on June 14, 2024
I had not tried this variant. ... mitmproxy --insecure works with the image mentioned above. Thanks for this!
If youj think it'd be useful, I'd be happy to merge a PR that prepends "mitmproxy" if the command starts with a dash for cases like this.
Ok, I will try.
But the real problem is the undocumented parameter required to successfully use the image with self-signed certificates (which is probably the most common case in software development). In my opinion this should be fixed in the README.md along with a hint to ... mitmproxy --help for further documentation .
The rationale is that we want to be secure-by-default.
I agree that security by default is an important principle in use cases where security is required.
But it's kind of funny for a tool whose sole purpose is to eavesdrop on encrypted communication. :)
from docker-releases.
Related Issues (18)
- consider using tags for the different releases HOT 1
- docker-entrypoint.sh execution flag is lacking HOT 2
- mitmweb HOT 2
- when run docker run with external volume, got chown error. HOT 1
- the "latest" tag is failed for a while HOT 1
- want to modify the image to run bash get errors HOT 1
- setup question: mitmproxy between hosts file and another proxy HOT 1
- Cannot establish TLS with client (sni: beacons5.gvt3.com): TlsException("(-1, 'Unexpected EOF')",) HOT 2
- starting errors HOT 1
- Mitmweb Process Only Listens to Localhost HOT 4
- Can't export flow neither to clipboard or file HOT 1
- Docker missing the ability to set an upstream proxy HOT 4
- Potential Issue with Console width? HOT 3
- Crash on Startup HOT 2
- Update Docker Releases to Python 3
- Permission denied: '/home/mitmproxy/.mitmproxy/mitmproxy-ca.pem' HOT 3
- Create tagged image for 0.18.2 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-releases.