1

I'm trying to automate running of mitmdump binary in ubuntu. I'm providing self generated certs to it using command: ./mitmdump --cert *=mycert.pem. But help doesn't define any commands to provide the private key pass phrase. How do i provide the password during the start up?

I have tried to provide the input to it using command: ./mitmdump --cert *=mycert.pem <<< "mypassword", as suggested here, but it still asks my PEM pass phrase.

If it helps, I'm starting the mitmdump process from java code using Runtime.getRuntime().exec(COMMAND). Generating the certs without password isn't really a possibility.

Miro K.
  • 345
  • 1
  • 4
  • 13

1 Answers1

0

As shown in the mitmproxy documentation the mycert.pem has to contain both, the certificate as well as the private key:

-----BEGIN PRIVATE KEY-----
<private key>
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<cert>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediary cert (optional)>
-----END CERTIFICATE-----

As you can see Mitmproxy expects a BEGIN PRIVATE KEY and not an BEGIN ENCRYPTED PRIVATE KEY hence the provided key is not protected by a password at all.

Optionally you can also add intermediate certificate at the end in case the provided certificate is not a root-CA certificate or a direct child certificate of a known root-CA.

Robert
  • 39,162
  • 17
  • 99
  • 152
  • mycert.pem contains the both private key and the certificate. instead of -----BEGIN PRIVATE KEY-----, I have -----BEGIN RSA PRIVATE KEY-----. mitmdump asks the pass phrase, and if I provide it manually I can capture https traffic just fine. Now, how to provide that pass phrase automatically is big mystery to me. – Miro K. Aug 27 '20 at 09:41
  • You really love the hard way. The simple way would be to convert the RSA PRIVATE KEY structure to a PRIVATE KEY: This question should cover that: https://stackoverflow.com/q/8290435/150978 – Robert Aug 27 '20 at 09:54