linkedin / flashback

mock the internet
BSD 2-Clause "Simplified" License
578 stars 54 forks source link

configure HTTPS recording from the command line #14

Open Aarskin opened 7 years ago

Aarskin commented 7 years ago

Hi,

I'm hoping there is a way to configure my proxy with a trusted certificate from the command line. I don't see this anywhere in the current set of samples - only Java examples.

Is there a way to configure a certificate for my Flashback proxy without Java?

Thanks

Aarskin commented 7 years ago

I was able to get 200 OK with

{ "sceneMode": "record", "sceneName": "test1", "matchRule": "matchEntireRequest", "scenePath": "tmp", "proxyHost": "localhost", "proxyPort": "5555", "caCertPath": "C:\\certs\\trust_proxies.pfx", "caCertPwd": "your password here", "caAlias": "ITrustProxies", "caKeyPwd": "your password here", "caCertCN": "", "caCertOU": "", "caCertO": "", "caCertL": "", "caCertCC": "" }

But I am still unable to hit pages with HTTPS using Flashback as a MITM. Is there any way I can verify that this is a trust issue with my Certificate and not with Flashback itself?

I used IIS to generate a self-signed certificate. I do not get a security alert in IE or Chrome, but I do see the broken lock (in Chrome, closed lock in IE). Can anyone confirm/deny that this is the root of problem?

sf1152 commented 7 years ago

Yes, the way we support non-java is that we have admin restful api that can setup proxy for you. You just need make sure if your caCert can be trusted by your certificate store.

BTW: did you get any response from proxy?

Aarskin commented 7 years ago

Not quite yet, I'm focusing on getting more comfortable with other aspects of Flashback at the moment.

ben-oldcom commented 7 years ago

@Aarskin hi, how did you try to access a https resource using flashback, curl? not sure about windows, but here is more details of how generate and using a self signed certificate for flashback here: https://github.com/linkedin/flashback/issues/8