-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wildcard / RegEx SSL ByPass #162
Comments
Can you share some context? Why are you connecting to a large number of unknown invalid SSL servers? Note that for self-signed certificates, you can just trust the CA instead using the |
Im talking about the sslPassthrough Option in the https Options when you initialize the Proxy. |
Ah, I see, sorry I thought you meant a different option. This makes sense, I can see how that would be useful. I think a regex would be preferable, since that's more flexible and we already have various APIs available which use regexes elsewhere. Want to make a PR? One challenge here is that these options are also sent by remote clients, just serialized as JSON, and regexps don't serialize by default, so a tiny bit of serialization/deserialization logic to transfer regex configuration would be required. Happy to give you some pointers on how to make that work if you're interested, and you could start with just server-side support first anyway. |
Sure you can give me some starting points, i wont be able to test this properly but i can share some modifications if it works for simple usecases without remote clients. But good point. You refering to the Admin api when you say remote clients right? |
Yes, exactly
To make this happen, we'd need to:
|
I find myself in a similar situation, but somehow reversed: I'd like for all requests to "passThroughTLS" unless it's a specific domain. I'm using mockttp as a system proxy and I really just want to intercept and modify requests for a specific domain, ideally all other traffic would be left completely untouched. Basically I'm looking for a solution similar to mitmproxy's Would this be possible with mockttp ? |
Good suggestion @lipsumar! That definitely makes sense. This would require a different change to the options format used - since it'd be very awkward to do this via an array of positive regex matches, it'd need to be a different option entirely, or an explicitly separate option value like Thats all quite possible though, and it's a compelling use case. Want to open a PR? In the meantime, the best alternative solution to this would be to handle it in the noproxy settings of the client - most clients support some kind of config on their side that can do this. That's less flexible to configure, but it should do what you need. |
How about this: type MockttpHttpsOptions = CAOptions & {
// ...existing options
tlsOnlyFor?: Array<{ hostname: string }>;
} This option would be the exact inverse of If this direction works for you then I'll open a PR. |
Sure, that makes sense... How about Anyway the name is a small detail we can tweak easily until release. Regardless, yes - let's go that route. Happy to go with whatever name you like best and worry about that later. We can add regexes/wildcards (the original issue here) on top for both cases later on, so just an array type matching the existing |
It would really be usefull if we could just add a *.domain.com to bypass ssl
or use a regex
The text was updated successfully, but these errors were encountered: