tuxuser · February 24, 2024 17:29
diff --git a/fiddler_gen.sh b/fiddler_gen.sh
 #!/bin/sh
 ## Some device only accept a Fiddler certificate.
 ## What if you don't like Fiddler and want to use mitmproxy instead?
 ## -> Generate your own Fiddler key/root ca!

 # Usage:
 # - Start mitmproxy / mitmweb once, to populate the `.mitmproxy` dir
 # - Execute this script
 # - Copy the mitmproxy certs into `C:\Users\<username>\.mitmproxy` aka. `/home/<username/.mitmproxy`, overwriting existing files
 # - Start mitmproxy / mitmweb
 # - Import `FiddlerRoot.cer` in your to-be-monitored device and set proxy address/port according to your monitoring host

 # EE: End Entity

 # Notes from https://github.com/vcsjones/FiddlerCertGen
 ROOT_CERT_ALGO="ECDSA_P384"
 ROOT_CERT_HASH_ALGO="SHA384"
 EE_CERT_HASH_ALGO="SHA256"
 EE_CERT_ALGO="ECDSA_P256"
 ROOT_RSA_KEY_SIZE=2048
 EE_RSA_KEY_SIZE=2048

 FIDDLER_ROOT_DN="CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com"
 FIDDLER_EE_DN="CN=DO_NOT_TRUST_Fiddler, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com"
 FIDDLER_EE_PRIVATE_KEY_NAME="FIDDLER_EE_KEY"
 FIDDLER_ROOT_PRIVATE_KEY_NAME="FIDDLER_ROOT_KEY_2"

 echo "Deleting old files..."
 rm -f ./gen/fiddler/*
 rm -f ./gen/mitmproxy/*
 rm -f ./privkey.pem

 echo "Generating new.."
 openssl genrsa -out privkey.pem $ROOT_RSA_KEY_SIZE
 openssl req -x509 -new -nodes -key privkey.pem -sha256 -days 1826 -out root_ca.pem \
  -subj '/CN=DO_NOT_TRUST_FiddlerRoot/O=DO_NOT_TRUST/OU=Created by http:\/\/www.fiddler2.com'

 # Convert from PEM to DER format
 openssl x509 -in root_ca.pem -outform DER -out root_ca.der

 echo "Creating Fiddler format"
 mkdir -p ./gen/fiddler/
 cat root_ca.der > ./gen/fiddler/FiddlerRoot.cer

 echo "Creating mitmproxy format"
 # Note: We do not care about pkcs12 here
 mkdir -p ./gen/mitmproxy/

 # Key + CA cert bundle
 cat privkey.pem root_ca.pem > ./gen/mitmproxy/mitmproxy-ca.pem

 # Only CA cert
 cat root_ca.pem > ./gen/mitmproxy/mitmproxy-ca-cert.pem
 cat root_ca.pem > ./gen/mitmproxy/mitmproxy-ca-cert.cer

 echo "Setup your to-be-monitored device with FiddlerCert.cer"
 echo "Copy mitmproxy certs to ~/.mitmproxy/ and start mitmproxy via 'mitmweb'"
	#!/bin/sh
	## Some device only accept a Fiddler certificate.
	## What if you don't like Fiddler and want to use mitmproxy instead?
	## -> Generate your own Fiddler key/root ca!

	# Usage:
	# - Start mitmproxy / mitmweb once, to populate the `.mitmproxy` dir
	# - Execute this script
	# - Copy the mitmproxy certs into `C:\Users\<username>\.mitmproxy` aka. `/home/<username/.mitmproxy`, overwriting existing files
	# - Start mitmproxy / mitmweb
	# - Import `FiddlerRoot.cer` in your to-be-monitored device and set proxy address/port according to your monitoring host

	# EE: End Entity

	# Notes from https://github.com/vcsjones/FiddlerCertGen
	ROOT_CERT_ALGO="ECDSA_P384"
	ROOT_CERT_HASH_ALGO="SHA384"
	EE_CERT_HASH_ALGO="SHA256"
	EE_CERT_ALGO="ECDSA_P256"
	ROOT_RSA_KEY_SIZE=2048
	EE_RSA_KEY_SIZE=2048

	FIDDLER_ROOT_DN="CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com"
	FIDDLER_EE_DN="CN=DO_NOT_TRUST_Fiddler, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com"
	FIDDLER_EE_PRIVATE_KEY_NAME="FIDDLER_EE_KEY"
	FIDDLER_ROOT_PRIVATE_KEY_NAME="FIDDLER_ROOT_KEY_2"

	echo "Deleting old files..."
	rm -f ./gen/fiddler/*
	rm -f ./gen/mitmproxy/*
	rm -f ./privkey.pem

	echo "Generating new.."
	openssl genrsa -out privkey.pem $ROOT_RSA_KEY_SIZE
	openssl req -x509 -new -nodes -key privkey.pem -sha256 -days 1826 -out root_ca.pem \
	-subj '/CN=DO_NOT_TRUST_FiddlerRoot/O=DO_NOT_TRUST/OU=Created by http:\/\/www.fiddler2.com'

	# Convert from PEM to DER format
	openssl x509 -in root_ca.pem -outform DER -out root_ca.der

	echo "Creating Fiddler format"
	mkdir -p ./gen/fiddler/
	cat root_ca.der > ./gen/fiddler/FiddlerRoot.cer

	echo "Creating mitmproxy format"
	# Note: We do not care about pkcs12 here
	mkdir -p ./gen/mitmproxy/

	# Key + CA cert bundle
	cat privkey.pem root_ca.pem > ./gen/mitmproxy/mitmproxy-ca.pem

	# Only CA cert
	cat root_ca.pem > ./gen/mitmproxy/mitmproxy-ca-cert.pem
	cat root_ca.pem > ./gen/mitmproxy/mitmproxy-ca-cert.cer

	echo "Setup your to-be-monitored device with FiddlerCert.cer"
	echo "Copy mitmproxy certs to ~/.mitmproxy/ and start mitmproxy via 'mitmweb'"