from Hacker News

Mitmproxy 9: WireGuard Mode

by mhils on 10/29/22, 10:57 AM with 46 comments

  • by mhils on 10/29/22, 4:24 PM

    mitmproxy dev here, happy to answer questions once I'm back home later! :)
  • by ericb on 10/29/22, 3:19 PM

    Is the UDP work a precursor to HTTP/3 support? I don't see HTTP/3 mentioned in the announcement, so I assume that something else is needed to make it work still?

    Edit: I take that back, I see "Add HTTP/3 binary frame content view" in the commits. So does that mean it works? I would have thought that would be a headline-level announcement, though?

    Either way, amazing stuff, and thanks for the brilliant work!

  • by cjbprime on 10/29/22, 5:48 PM

    This looks great! My only frustration is not with mitmproxy, but macOS -- setting a proxy in System Preferences->Network isn't a guarantee that it will be used by apps, and there doesn't appear to be a clean way to force all traffic through a proxy.
  • by nanomonkey on 10/29/22, 10:10 PM

    A friend of mine claims to have found mitmproxy on her phone, and is worried that her ex-husband is using it to track her movements and interactions. I am unable to find anything concrete to say whether or not this is a possibility. Anyone heard of something similar being done, and know how this could have been accomplished? She says he didn't have access to her phone, but I know he is technically capable.
  • by saghul on 10/29/22, 9:23 PM

    Nice work! Does this mean that intercepting WebRTC media traffic is now possible? It's DTLS, so I guess I'll have to check it out!
  • by armitron on 10/29/22, 11:03 PM

    This is crying to be rewritten in a faster language. Python is too inefficient for a lot of production mitm use cases.
  • by lordgrenville on 10/29/22, 5:59 PM

    I don't know anything about this project, can somebody explain what the (nonmalicious) use case would be?
  • by csdvrx on 10/29/22, 4:09 PM

    Do you have links for the Magisk module? (and ideally a quick android tutorial)
  • by spockz on 10/29/22, 6:07 PM

    Is there something like this that can introduce network latency, but on the TLS and/or HTTP level? E.g. delay TLS handshake (to simulate CRL checks), send headers but delay streaming, etc.
  • by syntaxing on 10/29/22, 8:29 PM

    Is there a good mitmproxy configuration that blocks ads network-wide, particularly YouTube? I tried using mitm-adblock but it was so slow it was unusable.
  • by GekkePrutser on 10/30/22, 5:44 AM

    Is the WireGuard option also supported on the BSDs? Especially FreeBSD, which now has WireGuard kernel support.
  • by dontbenebby on 10/29/22, 10:40 PM

    Thanks for this! I haven't really played around with packet captures since back before HTTPS was widespread but I've heard a lot of people gripe about it over the years.

    Big shoutout to one of the poor bastards who had me as their student back when Pitt segmented the school of information science away from the rest of the network.

    I have no idea if that's still the case, because those moron librarians added a card reader, and I don't know how to parkour onto the roof of that building.

    I got hung up on the fact an extra credit question got marked wrong because I said based on the SSID, the packets were from a BSD operating system. The TA marked it wrong and said "no, it's from an OSX system"... I ended up in the actual professor's office, with a listout of the various codes for manufacturers and pointing out there's no "OSX" specific one.

    (In retrospect, it was a situation where I was rules lawyering because I was pissed because I kept bumping into a string of people who'd tell me "It's not my job to teach you" only... they weren't some cute woman from Iowa in town for a book signing meeting me for espresso, they were literally a professor teaching, in one case, a "statistics for psychology students" course I selected EXPLICITLY because their students also haven't had Calculus... and they were tanking my GPA.)

    Anyways, I'm rehashing very old gripes, but it felt like something fundamental shifted when https went widespread, while universities seem to focus on weird CTF bullshit.

    (You can just message them on a dating application, though then they'll make a show of refusing to hire you and reporting you to the FBI as a possible cyberterrorist... like uh, I get that it's spooky season or whatever but if someone made an offer I wouldn't be a cyberterrorist anymore!!)

    Anyways, I am looking forward to playing with this after I clear my todos. Thanks for the hard work.