Mitmproxy 10: First Bits of HTTP/3 (opens in new tab)

(mitmproxy.org)

80 pointsmhils2y ago7 comments

7 comments

I love mitmproxy. It's been consistently part of my toolbelt for nearly a decade, it's stable, and still has plenty of new features that I can use if I need them, but it still works the same for its core use case as it did ten years ago.

slim2y ago

mitmproxy is great for web dev because you can map any url to any other url transparently. for instance you can test prod front end on your localhost dev backend and vice versa.

paulddraper2y ago

I love mitmproxy. I used it to cache all my downloads in CI for performance and stability.

So..... Don't certificate pin (:

TechBro86152y ago

If you've got root on the client, certificate pinning can be disabled ;) Usually it boils down to patching whatever method or system call the library in question is using to pin the HTTPS request, e.g. on iOS jailbreaks there's a tweak called "SSL Kill Switch" which hooks the native HTTP client to remove cert pinning. On a CI machine or desktop, you can probably do something similar with LD_PRELOAD trickery.

edit: Yeah, I found this library [0] that does it (actually disables validation entirely) with LD_PRELOAD and works with openssl, but no commits since 2018 so might not work. Also I'm pretty sure proxychains uses LD_PRELOAD and it might include some option to disable pinning, idk.

[0] https://github.com/DavidBuchanan314/libleakmydata

betimsl2y ago

So, from the screenshot on the blog post; it's exactly as fast as HTTP/1.1?

treve2y ago

Yes, it looks like whatever they used for testing HTTP/3 took just as long. If you're taking that as a conclusion of the relative performance between HTTP/1.1 and HTTP/3, don't. There's nothing there that suggest it's a benchmark.

mhilsOP2y ago

Performance of our HTTP/3 stack is not very good yet, and the benefits of HTTP/3 don't play out in this particular example. :)

j / k navigate · click thread line to collapse

7 comments

TechBro86152y ago

slim2y ago

mitmproxy is great for web dev because you can map any url to any other url transparently. for instance you can test prod front end on your localhost dev backend and vice versa.

paulddraper2y ago

I love mitmproxy. I used it to cache all my downloads in CI for performance and stability.

So..... Don't certificate pin (:

TechBro86152y ago

[0] https://github.com/DavidBuchanan314/libleakmydata

betimsl2y ago

So, from the screenshot on the blog post; it's exactly as fast as HTTP/1.1?

treve2y ago

mhilsOP2y ago

Performance of our HTTP/3 stack is not very good yet, and the benefits of HTTP/3 don't play out in this particular example. :)

j / k navigate · click thread line to collapse