diff --git a/How-to-config-https-proxy.md b/How-to-config-https-proxy.md index f435d0a..b26aa30 100644 --- a/How-to-config-https-proxy.md +++ b/How-to-config-https-proxy.md @@ -1,6 +1,6 @@ After configuring rootCA, AnyProxy could help to decrypt https requests, whose approach is also called Man-In-The-Middle(MITM). -Here is the guide to config your https proxy. +Here is the guide to config your https proxy and using it to intercept your https requests. If you don't what to deal with https requests, i.e. just let them go as normal, you don't have to do any configuration. #### step 1 - install openssl * openssl is availabe here : [http://wiki.openssl.org/index.php/Compilation_and_Installation](http://wiki.openssl.org/index.php/Compilation_and_Installation) 
@@ -9,19 +9,32 @@ Here is the guide to config your https proxy. #### step 2 - generate a rootCA and trust it * execute ``sudo anyproxy --root`` * start anyproxy by ``anyproxy``, fetch rootCA.crt via http://localhost:8002/fetchCrtFile, then open and trust it. -* you should trust this rootCA on all of your clients. +* an qr code for rootCA.crt will be available via http://localhost:8002/qr_root, you may need it when installing certificate on mobile devices. +* you should trust this rootCA on all of your clients. Otherwise, you will get a warning like UNAUTHORIZED_CERTIFICATE. #### to intercept(decrypt) https requests * start your anyproxy by ``anyproxy --intercept``. When rootCA exists, it will intercept(decrypt) all the https requests for you. * if you meet with a warning like 'unsafe connection', please check if the root CA is correctly trusted by your operation system. -#### to start an https proxy -* ``anyproxy --type https --host my.domain.com`` -* the param ``host`` is required with https proxy and it should be kept exactly what it it when you config your browser. Otherwise, you may get some warning about security. -* using **https proxy** means your request towards proxy will be encrypted. Please notice that this feature has nothing to do with **intercept https requests**. #### about certs * root certs and temperary certs are stored at ``path.join(util.getUserHome(),"/.anyproxy_certs/")`` * to get the rootCA.crt file , you may either find it in local dir or download it via anyproxy web interface * to clear all the temperary certificates ``anyproxy --clear`` -* https features may be unstable in windows \ No newline at end of file +* https features may be unstable in windows + + +#### screenshot + +* Decrypted https requests will carry a lock icon with its id. 
+ +![](http://gtms04.alicdn.com/tps/i4/TB1BlqiHXXXXXX1apXXxQJt_XXX-1229-391.jpg_400x400.jpg) + + +#### to start an https proxy +* ``anyproxy --type https --host my.domain.com`` +* the param ``host`` is required with https proxy and it should be kept exactly what it it when you config your browser. Otherwise, you may get some warning about security. + +#### note +* intercepting https requests means decrypting the https traffice. This does NOT require an https proxy. +* using **https proxy** means your request towards the proxy server will be encrypted, no matter the request is http or https. \ No newline at end of file
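Review bot: In the first hunk (@@ -1,6 +1,6 @@), the new intro sentence "Here is the guide to config your https proxy and using it to intercept your https requests." ties interception to the https proxy, while the note added at the end of the file states that intercepting "does NOT require an https proxy". Suggest rewording the intro so it names interception on its own, for example "Here is the guide to configure AnyProxy to intercept (decrypt) your https requests", which also fixes the "config ... and using" grammar. The unchanged context line right after it has a typo that could be fixed in the same change: "If you don't what to deal" should read "want".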
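Review bot: In the second hunk (@@ -9,19 +9,32 @@), step 2 now tells readers to trust the rootCA "on all of your clients" and adds the qr_root link for installing it on mobile devices, but the document never says how to undo that trust or that the root certs stored under ``.anyproxy_certs`` should stay private to the machine that generated them; ``anyproxy --clear`` is described as clearing only the temporary certificates. Suggest adding a bullet under "about certs" that covers removing the rootCA from each client's trust store once debugging is finished, and limiting the install to test devices. Smaller points in the added lines: "an qr code" should be "a QR code", "traffice" should be "traffic", the moved https proxy bullet still carries "what it it", and the file still ends without a trailing newline.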