Description
Is it possible to make ImpersonatingMitmManager (when combined with LittleProxy) perform a direct passthrough without certificate impersonation, if upon a CONNECT, the domain does not match one of a series of whitelist regular expressions?
I need to have the proxy accepting all browser traffic, but I only want to run filters for a small percentage of said traffic. MITM needs to be selective so that certificate-pinned applications do not receive a generated certificate and therefore break. An example of this is Dropbox: when the Windows system proxy is set to the proxy, Dropbox refuses to sync.
Is this possible?
Looking over the code, it looks like clientSslEngineFor always calls getHostnameImpersonatingSslContext, so there is not a current way to do this, but I might have missed something.
The company I work for uses a home-rolled authentication protocol similar to HAWK when talking to microservices. This proves to be a pain when testing those microservices, so I wrote a Fiddler plugin that automatically adds the required authentication headers to any outgoing requests that look like they are for an internal company domain. This allows for standard REST requests to be made in the browser / REST client and for them to be transparently signed. However, we are now looking to move away from requiring Fiddler.
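
The whitelist decision described in the question, as an added example that is not part of the original post and is not BrowserMob Proxy or LittleProxy code: a stand-alone policy class that decides, from the CONNECT authority, whether to impersonate or to tunnel untouched. The class name `SelectiveMitmPolicy`, the placeholder domain `internal.example` and the sample hostnames are assumptions; how the decision is wired into the proxy is not shown.

```java
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

/** Added example: per-CONNECT decision between impersonation (MITM) and a plain tunnel. */
public class SelectiveMitmPolicy {   // hypothetical class, not a LittleProxy type
    private final List<Pattern> interceptHosts;

    public SelectiveMitmPolicy(List<String> regexes) {
        this.interceptHosts = regexes.stream()
                .map(r -> Pattern.compile(r, Pattern.CASE_INSENSITIVE))
                .collect(Collectors.toList());
    }

    /** Extracts the host from a CONNECT authority such as "host:443" or "[::1]:443". */
    static String hostOf(String authority) {
        String a = authority.trim();
        String host;
        if (a.startsWith("[")) {                         // bracketed IPv6 literal
            int end = a.indexOf(']');
            host = end > 0 ? a.substring(1, end) : "";
        } else {
            int colon = a.lastIndexOf(':');
            host = colon >= 0 ? a.substring(0, colon) : a;
        }
        if (host.endsWith(".")) {                        // "example.com." names the same host
            host = host.substring(0, host.length() - 1);
        }
        return host.toLowerCase(Locale.ROOT);
    }

    /** True only when the whole host matches a whitelist entry; the default is to tunnel. */
    public boolean shouldIntercept(String connectAuthority) {
        String host = hostOf(connectAuthority);
        if (host.isEmpty()) {
            return false;
        }
        // matches() anchors at both ends; find() would also accept lookalike suffixes.
        return interceptHosts.stream().anyMatch(p -> p.matcher(host).matches());
    }

    public static void main(String[] args) {
        // Constructed samples; internal.example is a placeholder domain.
        SelectiveMitmPolicy policy = new SelectiveMitmPolicy(List.of("(.+\\.)?internal\\.example"));
        for (String s : List.of("api.internal.example:443", "API.Internal.Example.:443",
                "client.dropbox.com:443", "internal.example.other.test:443")) {
            System.out.println(s + " -> " + (policy.shouldIntercept(s) ? "MITM" : "tunnel"));
        }
    }
}
```

Defaulting to a tunnel means a host that fails to parse or match is never handed a generated certificate, which is the safe direction for pinned clients.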