Here's a preview from my zine, Bite Size Networking!! If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!
get the zine!
read the transcript!
panel 1:
phone: ???
server: ???
small sad stick figure, thinking: what is my phone saying about me? looks like it’s encrypted
panel 2:
mitmproxy can proxy connections from your laptop or phone and let you see the contents. It even works with encrypted connections.
An illustration showing a phone, a server (represented by a box with a smiley face), and mitmproxy between them. There are arrows going to and from mitmproxy and the phone and server.
how you use it
- install mitmproxy root CA on your laptop/phone
- run
mitmweb(web UI version) on computer - tell the program/phone to proxy through mitmproxy
how it works
phone: wizardzines.com certificate plz
mitmproxy: yes I am wizardzines.com
phone: sounds legit, this CA I trust [the fake mitmproxy CA you installed] says that certificate is valid
some apps pin a cert
makes mitmproxy not work, look up “trust killer” to get around that
script it in Python
modify requests/responses arbitrarily
other similar tools
(not all are free, though)
- charles proxy
- burp suite
- fiddler
Saturday Morning Comics!
Want another comic like this in your email every Saturday? Sign up here!
