0

I have a WSS server running, and I want to intercept WebSocket messages between the client and the server.

I am able to intercept WebSocket messages using WS (no SSL) but haven't had any success with WSS (with SSL). I am getting an error about self-signed certs, which my testing client (wscat) doesn't want to use. (self signed certificate in certificate chain)

And lastly, how would I be able to intercept a connection from a different desktop application? So say if application A is trying to connect to a WSS server, how would I intercept that without telling the desktop application to use a proxy?

Thank you!

Unrelated to the question above, but I am also not able to proxy HTTPS requests because of this error:

sslv3 alert bad certificate

Sculas
  • 25
  • 2
  • 6

1 Answers1

0

I am getting an error about self-signed certs, which my testing client (wscat) doesn't want to use.

This question is really is about wscat and not mitmproxy. https://stackoverflow.com/a/58149466/934719 mentions that you can pass -n to wscat to disable certificate checks for local testing.

And lastly, how would I be able to intercept a connection from a different desktop application? So say if application A is trying to connect to a WSS server, how would I intercept that without telling the desktop application to use a proxy?

If you cannot tell the desktop application to use a proxy, then it's probably the easiest to set up as a reverse proxy.

Maximilian Hils
  • 6,309
  • 3
  • 27
  • 46
  • Ah okay! If I use a reverse proxy, can I just "listen" to all messages and read and possibly modify them and then send them to the original server/connection? – Sculas May 26 '21 at 14:04
  • And wouldn't an 'invisible" proxy be better instead? Not sure how reverse proxies work, though. – Sculas May 26 '21 at 14:22
  • And say, the desktop application connects to a WSS server at `111.222.333.444:1234`, how do I intercept that? – Sculas May 26 '21 at 18:02