On Mon, Feb 6, 2023 at 4:04 AM Zbyněk Kačer <[email protected]> wrote: > > I will now try to decrypt the tcp channel - there must be something > useful inside. But so far it refuses to use mitmproxy.
You may well need to use TRANSPARENT proxying (https://docs.mitmproxy.org/stable/howto-transparent/) in order to force it through the proxy. - "Normal" MITM proxying: you set up a proxy via a normal proxy protocol (e.g. socks or http) and tell applications to use it. That proxy application MITM's your TLS/DTLS connections. Some applications can and do ignore it. - "Transparent" MITM proxying: your proxy runs as an unavoidable hop on the IP-based connection path between the client application and the public Internet. Individual applications cannot avoid connecting through it. This isn't quite as easy to setup as a "normal" MITM proxy, but if you're MITM'ing an application running on a VM under a Linux host, it's still pretty easy. See https://www.infradead.org/openconnect/mitm.html and https://docs.mitmproxy.org/stable/howto-transparent-vms. _______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
