re: Announcing HTTP View: one-click debugging for HTTP(S) VIEW POST


So, you've built some sort of convenient toolkit for man-in-the-middle attacks against HTTPS?


For local development, yes. It's designed as a development & debugging tool rather than a security tool for mitm generally, though it can help there too.

Note that it does fully automatic mitm attacks only against software running on your own machine though, where it can automatically set up the certificates to make that work. For remote devices (e.g. phones) it will be able to fully automatically intercept plain HTTP traffic, but it can't automatically intercept HTTPS - there has to be a manual step that somehow trusts the certificate on the device.

code of conduct - report abuse