Noseyparker - 28 July

Success, I think! Well, mostly. I ran tests to verify my TLS proxy handler is working - and from what I can tell it is ... mostly. Why mostly, you ask? Because I'm not seeing an HTTPS response for every HTTPS request. I reduced the frequency with which nogotofail attempts to proxy each request (from every 2nd to every 5th) and I saw more HTTPS responses come back.

I added debug code to make sure unencrypted attributes could be inspected for requests and responses, and they can! Still more testing required but I am more confident than yesterday.

It doesn't seem realistic to inspect every HTTPS request/response - proxying appears to add latency, causing timeouts if the sampling rate is too high. My setup also contributes to latency - requests to the server are over a VPN to a GCE server instance in East Asia (Taiwan, I believe). A lower sampling rate is fine for my objective; it's enough to sample some requests to identify PII disclosure by applications.

Here is my TLS proxy handler; it's bare bones ATM: https://github.com/mkenne11/nogotofail-pii/blob/04a60b60537076e476bbb4c4f67191109874d771/nogotofail/mitm/connection/handlers/connection/httpspii.py

Also, I started on project documentation today. I wrote up the procedure for generating the TLS proxy certificate chain files - it's a little complicated and I would probably have forgotten it if I didn't start on it (it's still a draft): https://github.com/mkenne11/nogotofail-pii/wiki/Create-certificate-chain-to-performing-MitM-proxying