First, some company testers face a packet capture problem.

That is their home APP capture package must be configured with a certificate!

This certificate will be issued to you by the developer. The general suffix is.p12.pem and so on

If you do not install this certificate. We cannot parse the return value of the interface, which usually says: 400, as shown in the figure



To solve this problem, the first step is to clarify the concept:

Whether fiddler or Charles, to capture THE HTTPS interface, you need to install the certificate that comes with the packet capture tool. Many partners will confuse this certificate with their own certificate in the company and think it is a certificate. Actually it’s not.

Charles, for example, the certificate that comes with the tool only ensures that you can properly access the HTTPS interface. It doesn’t matter if you can parse the return value. The server found that you do not have our company’s internal certificate, so it will return 400 to you.

The certificate delivered with the tool is generally installed as follows:



When our friend went to Baidu to install the certificate, almost all the articles will teach you to install the tool with HTTPS certificate, and our friend did not know the above two certificates, blindly followed the online tutorial to install the tool with certificate, and then caused the packet capture found 400 cannot be resolved.

This article describes how to install a certificate in your company. 1. The tool comes with a certificate that allows you to access the HTTPS interface. Internal certificate: the certificate that allows you to parse certain HTTPS interfaces for your app. This certificate is also called a client certificate

1. The tool comes with a certificate.

Here’s where to start:

Open Charles – click on the upper menu: Proxy—— click on the sub-menu: SSL Proxying Settings—– click on the middle option: Client Certificates—- click on the lower middle button: Add — — — — — – the Host write * — — — — — — — click the Choose button – Choose to develop for your internal certificate — — — — — – click ok — — — — — — – click on check ok — — — — — – restart, Charles



Set as shown above. You can successfully parse those interfaces by restarting Charles.

Let’s start with how to install mitmProxy.

The blogger searched countless articles, but could not find this tutorial, and even found that almost all tutorials are copy and paste, teaching you the simplest installation of MitmProxy, package capture,mock, etc. There are a few articles on how to install mitmProxy’s own certificate, but nothing on how to install an internal client certificate.

I have no choice but to go to the English official website and find this sentence:



Yes, this is when we start the mitmProxy command, we simply need to add a parameter. It’s that simple

The command is as follows:

mitmproxy --setClient_certs = Path to your certificateCopy the code

Then you can parse successfully! Attached is the official document link: mitmProxy official document

Charles. P12. Mitmproxy. Pem. Python requests modules send requests with. Pem certificates as well.

Certificate format conversion can be used openSSL command conversion, specific tutorial can be baidu, there are many also very simple.

The certificate delivered with mitmProxy installed on mobile phones can also be accessed after the proxy is connectedmitm.it.To download:

If you can see this,traffic is not passing through mitmporxy. That means the agency was unsuccessful. Please restart mitmProxy and connect the mobile phone proxy to port 8080.