MitM
If you want to view, modify or execute scripts for HTTPS requests, you must enable the MitM function. Before enabling the MitM function, your device needs to trust the CA certificate that you have self-signed, which can be imported into Stash by the user or generated by Stash.
⚠️
For data security and privacy reasons, you should never share certificates with others or use CA certificates provided on the Internet.
Using configuration files to configure MitM
Configuring the CA certificate
http:
# CA certificate encoded in PKCS #12 format
ca: ''
# Certificate password
ca-passphrase: ''
# Domain names list that enables the MitM function. Ensure that the above CA certificate is trusted by the system.
Configuring the MitM list
http:
# Domain names list that enables the MitM function. Ensure that the above CA certificate is trusted by the system.
mitm:
- g.cn
- '*.google.cn'
- weather-data.apple.com # Only opens the 443 port by default
- weather-data.apple.com:* # Uses a wildcard to open all ports
- '*.weather-data.apple.com' # Wildcards can also be used in domain names
At this point, the MitM configuration is complete.
Using the GUI to configure MitM
If you cannot add the CA certificate in the configuration file, you can use the Stash GUI to generate the CA certificate.
Configuring the CA certificate
- On the Stash homepage, find MitM, select [CA Certificate];
- Click [Stash Generated CA] to generate a new certificate;
- Click [Install Certificate] to install the new certificate;
- Stash will automatically redirect to Safari for certificate installation, click [Allow] to install the new certificate;
- When [Downloaded Profiles] appears, it means that the certificate has been successfully installed;
Configuring the MitM list
- On the Stash homepage, find MitM, select [Hostname];
- Enter the domain name you want to add, such as *.google.cn, wildcards can be used in domain names, and click [+] next to it to add it to the MitM list;