by envoked on 10/5/2024, 4:28:58 AM
by febusravenga on 10/5/2024, 9:16:49 AM
Only slightly related ...
> Chrome does not trust user-added Certificate Authorities for QUIC.
Interesting. In linked issue chrome team says:
> We explicitly disallow non-publicly-trusted certificates in QUIC to prevent the deployment of QUIC interception software/hardware, as that would harm the evolvability of the QUIC protocol long-term. Use-cases that rely on non-publicly-trusted certificates can use TLS+TCP instead of QUIC.
I don't follow evolution of those protocols, but i am not sure how disallowing custom certificates has anything with "evolvability" of protocol ...
Anyone knows are those _reasons_?
by Onavo on 10/4/2024, 10:52:47 PM
Do http/2 and http/3 offer any benefits if they are only supported by the reverse proxy but not the underlying web server? Most mainstream frameworks for JS/Python/Ruby don't support the newer http standards. Won't the web server be a bottleneck for the reverse proxied connection?
by rnhmjoj on 10/5/2024, 3:26:49 PM
Unfortunately there is still the issue[1] of fingerprinting. Until it can spoof the TLS handshake of a typical browser, you get these "Just a quick check..." or "Sorry, it looks like you're a bot" pages on about 80% of the web.
by bluejekyll on 10/5/2024, 12:55:26 AM
Thanks for the shoutout to Hickory. It’s always fun to see what people build with it. Nice work!
by nilslindemann on 10/5/2024, 11:54:01 AM
I wonder, can I use it like Privoxy/Proxomitron/Yarip? E.g. can I strip out script tags from specific sites, which I request with my browser (Ungoogled Chromium), using Mitmproxy as a Proxy? And how will this affect performance?
by systems on 10/5/2024, 9:47:39 PM
is mitmproxy an alternative to fiddler?
by 38 on 10/4/2024, 10:43:38 PM
It’s great to see that Mitmproxy is still being developed - it indirectly made my career.
Back in 2011, I was using it to learn API development by intercepting mobile app requests when I discovered that Airbnb’s API was susceptible to Rails mass assignment (https://github.com/rails/rails/issues/5228). I then used it to modify some benign attributes, reached out to the company, and it landed me an interview. Rest is history.