search

httptoolkit / httptoolkit-ui

The UI of HTTP Toolkit
https://httptoolkit.com
GNU Affero General Public License v3.0
288 stars 107 forks source link

Allow getting SSL-Certificate #36

Closed domdorn closed 2 years ago

domdorn commented 2 years ago

Hi!

I just tried out httptoolkit on mac. Works good on anything http-like, however I found no way to get a SSL Certificate I could import into my keychain so its able to intercept SSL-Traffic as well.

Steps to reproduce

pimterry commented 2 years ago

Hi @domdorn. You can get the path to the generated SSL Certificate from the 'Anything' option on the intercept page, or you can download it by requesting amiusing.httptoolkit.tech/certificate in any intercepted client.

You shouldn't need to though. If you launch an intercepted client in HTTP Toolkit, they should have the certificate set up for your automatically, without requiring any changes to your system settings.

In the terminal case for curl, for example, HTTP Toolkit sets the CURL_CA_BUNDLE env var in that window, which overrides which certificates curl should trust for that window only.

Does that not work for you? Can you check that CURL_CA_BUNDLE is set in your intercepted terminal?

shirshak55 commented 2 years ago

@pimterry I think we should make it easy for users to get SSL certs without making them intercept and download the certificate like that.

Why? Because charles/proxyman etc offers an easy way to export certs. And first time what I do is trust into keychain ( Regarding security its dangerous but i know what i am doing )

pimterry commented 2 years ago

I think we should make it easy for users to get SSL certs without making them intercept and download the certificate like that.

Yes, I think you're right that it'd be good to make that easier.

I've just pushed a change to replace the path in the Anything option with a nice button to export it anywhere you'd like:

Screenshot from 2022-01-05 16-00-12

In general I don't want to encourage this too much - for OS configuration I'd rather automate system setup, and for other cases we can add more interceptors - but there will always be some cases we don't support already, and a convenient button to download this directly inside the UI is a nice UX improvement to make that easier. Good idea!