I'm using ubuntu 18.04 and I'm trying to cature http/https requests using mitmproxy
I was able to capture http/https requests sent by firefox browser by installing certificates on the browser and setting up browser proxy settings
But I want to capture every http/https request which are sent by any software in my computer.
So I installed system wide ssl certificate for mitmproxy and changed network proxy settings of the system. But now Mitmproxy doesn't capture any request.
network proxy settigns (manual)
127.0.0.1(localhost) port 4001
mitmproxy listening on
127.0.0.1(localhost) port 4001
what should I do? Have I done something wrong?
This is possible with mitmproxy running as a transparent proxy. See their documentation for how this is configured; your proxy box will need to be configured as the gateway for your testing box.
Related
My server has a main site which have SSL certificate installed. There is also a linux management panel which runs on port 8080 that does not support SSL. What I want is that the traffic from the client to CloudFlare is encrypted with CloudFlare's certificate, but leave the connection from CDN to my VPS server non-secure. Right now the SSL/TLS encryption mode is set to flexible, edge certificates shows active, and also I've turned off "always use https". When i tried to access the 8080 port with https prefix however I couldn't get through. Can someone offer me a way to acheive this: traffic from client to CDN encrypted, while CDN connects unsecured to my server. PS: I'm using the free plan of CloudFlare and since it's a personal site and I do not want to induce extra cost, hope I can solve this with in the free plan.
There are two ways to solve your problem using Cloudflare without any additional cost.
First of all turn ON always use HTTPS
Changing Flexible to Full in SSL/TLS setting in Cloudflare (Simple Way, No need any other setup in your server).
Which will encrypt the data transfer from Cloudflare to your server using a self-signed certificate.
Changing Flexible to Full(Strict) in SSL/TLS setting in Cloudflare (Need some work in your server).
For Full(Strict), Go to your origin server tab in SSL/TLS and press create a certificate to get your SSL Certificate. But this certificate is only valid between your server and cloudflare.
Then you need to install those certificates on your server.
Additional Steps(As you don't have an HTTPS setup in your VPS):
As you are using the port in your Webserver. So reverse proxy your application running on port 8080 using Apache, Nginx on the port 443. Check this answer for some idea.
I am able to reach my weblogic console over https connection but when I try to launch developer console that is setup as a managed server in the weblogic domain, it fails. However, I can reach the dev console over http port without any issues.
I checked the validity of certs installed my keystore and configured to enable ssl port in managed servers. I am not sure what I am missing here. Please advice if I am missing any additional checks/setups.
For eg,
http://<XXX.cname.com>:9005/console - works on http
https://<XXX.cname.com>:9009/edq - does not work on https
I verified from console that ports are right and ssl ports are enabled.
I try to get Cloudflare work with my website.
I have my website running on port 80 and my api on port 8443.
My proxy doesn't have a ssl certificate, I rely only on the one on Cloudflare.
I have set ssl to flexible.
I can access my website, but when I make an API call to my api on port 8443, I have the following message : CloudFlare is unable to establish an SSL connection to the origin server.
Do I need to have a certificate on my proxy for the API ?
Thanks for your help.
It sounds like you're using Cloudflare's Flexible SSL option whereby traffic is unencrypted to the origin web server (but encrypted from Cloudflare's Edge to the end-user).
This setting will only work for port 443->80, not for the other ports Cloudflare supports like 2053 (or 8443 in your case).
If you want to serve SSL traffic through a port other than 443, you will need to ensure your web server is configured to work with Cloudflare in either Full or Full (Strict) SSL mode.
For more info:
What do the SSL options mean?
I installed Wowza and is Streaming by this links:
HTTP:
http ://[my-ip]:1935/myapp/definst/mp4:00.Intro.mp4/manifest.mpd
and also on
http ://[my-subdomain]:1935/myapp/definst/mp4:00.Intro.mp4/manifest.mpd
When is config Wowza to be able to stream on port 80, it works again on these links:
http ://[my-ip]/myapp/definst/mp4:00.Intro.mp4/manifest.mpd
http ://[my-subdomain]/myapp/definst/mp4:00.Intro.mp4/manifest.mpd
but we must stream over SSL protocol.
means: HTTPS:
https ://[my-subdomain]/myapp/definst/mp4:00.Intro.mp4/manifest.mpd
We installed a wildcard SSL on our server and everything is working great. In general, port 1935 does not work over HTTPS! even when we add port 80 to Wowza, HTTPS connection is refused and we can't have streaming over https.
How can we stream over SSL on wowza? even with or without port 1935
Thanks
Yes, Wowza server supports streaming with SSL using StreamLock or your own SSL certificate.
You will need to set up a different port number for HTTPS. It could be that another process is using port 80. Port 443 is typically used.
From the Server tab, click Edit.
Click Add Host Port and fill in fields.
Check Enable SSL/StreamLock.
Save and re-start Wowza server.
Look in [install-dir]/logs/wowzastreamingengine_access.log for errors. It will give a clue as to whether there is a problem with the certificate, password or other.
I was recommend place a LB infront of my Wowza for SSL offloading so you can load the m3u8 over SSL. I was also told you can do that quite easily using HA Proxy for example. It is explained how to accomplish this here for RTMP but the same can obviously done with HTTP:
https://github.com/arut/nginx-rtmp-module/issues/457#issuecomment-250783255
Note, I have not tried this yet and I am unclear on exactly the proper use scenario. Nor, have I successfully enable StreamLock with my own cert nor the cert provided through Wowza. If I manage to do so I will update this thread. Hope this is helpful.
I want to use CharlesProxy to sniffer https requests ,i've installed the cert in my iphone, and set using ssl in CharlesProxy,but when the app make requests, Charles Proxy displays:Received Close notify during handshake
In the newer versions of Charles, the SSL certificate must be installed on the device from charlesproxy.com/getssl, while the device is already being proxied through the Charles instance that you want to use.
(As opposed to installing the SSL certificate from charlesproxy.com/charles.crt, with or without being proxied.)
Did you do this?