Versions Compared

Old Version 2

changes.mady.by.user user-9a25e

Saved on

compared with

New Version 3

changes.mady.by.user user-9a25e

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Tapioca and HTTP/2

HTTP/2 is a web protocol supported by modern browsers such as Google Chrome. By default, CERT Tapioca and the mitmproxy software that it uses does not support HTTP/2. It is possible to update the OS and the mitmproxy software to enable HTTP/2 support with Tapioca.

Upgrading Ubuntu to 14.04

Upgrading the Tapioca OS, which is Ubuntu 12.04, to version 14.04 is a prerequisite for HTTP/2 support. The upgrade process is relatively straightforward. But before proceeding, create a snapshot of the VM in case something goes wrong. To perform the upgrade, enter the following in a terminal:

...

You will need to reboot the VM to activate the changes.

Upgrading mitmproxy and the supporting python libraries

After upgrading to Ubuntu 14.04, mitmproxy and the python libraries that it uses should be upgraded. To perform the upgrade, enter the following in a terminal:

Code Block
languagetext
themeMidnight
cd ~/in
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.2g-1ubuntu4.5_i386.deb
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.0.0_1.0.2g-1ubuntu4.5_i386.deb
wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.0.2g-1ubuntu4.5_i386.deb
sudo dpkg -i openssl_1.0.2g-1ubuntu4.5_i386.deb
sudo dpkg -i libssl1.0.0_1.0.2g-1ubuntu4.5_i386.deb
sudo dpkg -i libssl-dev_1.0.2g-1ubuntu4.5_i386.deb
sudo pip install pip --upgrade
sudo pip install pyOpenSSL --upgrade --force
sudo pip install mitmproxy --upgrade

CERT Tapioca Tweaks

Now that you've updated both Ubuntu and mitmproxy to support HTTP/2, it is worth performing two other modifications:

Updating the mitmproxy CA certificate

Due to a design flaw in the released version of CERT Tapioca, the CA certificate used to generate website certificates is not trusted after July 10, 2016. This will interfere with testing environments with the mitmproxy CA certificate installed on the client. Please see CERT Tapioca 1.0 and Expired CA Certificates for instructions on how to correct this.

Cleanup on use of "No Proxy"

When pressing the "No Proxy" button, CERT Tapioca leaves the mitmproxy and related windows on the screen. Edit the ~/noproxy.sh script to add the three killall lines at the beginning to perform cleanup:

...