Setting up transparent MitM HTTPS proxy for IoT device?

Question

I have an IoT device that communicates with a remote server via HTTPS over port 443.

I would like to intercept the HTTP/HTTPS communication - e.g. using Charles or mitmproxy.

If it was a desktop or Android device, I could setup the proxy's SSL certificate in the certificate store.

However, this device doesn't really have any HTTP settings - so I'd need to setup a transparent proxy right? However, how do I get it to trust the SSL certificates presented by Charles/mitmproxy?

Thanks, Victor

You don't, and that's the point. – Jacob Evans Nov 12 '17 at 21:03 — Jacob Evans, Nov 12 '17 at 21:03

anx · Answer 1 · 2017-11-13T07:21:46.593

Unless you have some degree of remote access, such as ssh or telnet, you will want to access the disk of the device. If you are lucky, its an SD or m.2 card, with a common *nix file system.

There you search for its certificate store - there are very likely going to be easily recognizable headers for the encoded x.509 certificates (-----BEGIN CERTIFICATE-----), then add (if file system readable) or replace one with (if not) your MitM certificate.

Setting up transparent MitM HTTPS proxy for IoT device?

1 Answers1