Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
HTML
<div style="background-color: yellow; border: 2px solid red; margin: 4px; padding: 2px; font-weight: bold; text-align: center;">
This page was moved to <a href="https://github.com/CERTCC/tapioca/wiki/Tapioca-Tutorials">https://github.com/CERTCC/tapioca/wiki/Tapioca-Tutorials</a>
<br>
Click in the link above if you are not automatically redirected in 3 seconds.
</div>
<meta http-equiv="refresh" content="3; URL='https://github.com/CERTCC/tapioca/wiki/Tapioca-Tutorials'" />

Problem:

After installing the mitmproxy CA certificate in a client system, you get an error in the client application stating that the website certificate is invalid.  Depending on the browser used, the errors may include:

  • NET::ERR_CERT_DATE_INVALID
  • The certificate is not trusted because the issuer certificate has expired.
  • This certificate has expired or is not yet valid

Cause:

When CERT Tapioca restarts the mitmproxy capture via mitm.sh, the .mitmproxy directory is copied from a static copy provided by Tapioca. This CA certificate expired on July 10, 2016 for CERT Tapioca 1.0.

Solution:

Delete the ~/.mitmproxy directory:

Code Block
themeMidnight
rm -rf ~/.mitmproxy 

Modify the ~/.mitm.sh script to not copy over the ~/.mitmproxy contents:

Code Block
themeMidnight
title~/mitm.sh
#!/bin/bash

#cp -a ~/.mitmproxy_CA/* ~/.mitmproxy
sudo ~/iptables_mitmproxy.sh
mitmproxy -T -w ~/logs/flows.log 

...