loading...

Discussion on: Announcing HTTP View: one-click debugging for HTTP(S)

Collapse
lietux profile image
Janne "Lietu" Enberg

So, you've built some sort of convenient toolkit for man-in-the-middle attacks against HTTPS?

Collapse
pimterry profile image
Tim Perry Author

For local development, yes. It's designed as a development & debugging tool rather than a security tool for mitm generally, though it can help there too.

Note that it does fully automatic mitm attacks only against software running on your own machine though, where it can automatically set up the certificates to make that work. For remote devices (e.g. phones) it will be able to fully automatically intercept plain HTTP traffic, but it can't automatically intercept HTTPS - there has to be a manual step that somehow trusts the certificate on the device.