@tuxuser
Last active February 24, 2024 17:29
Fiddler - MITMProxy Key / Root CA generation
#!/bin/sh
## Some devices only accept a Fiddler certificate.
## What if you don't like Fiddler and want to use mitmproxy instead?
## -> Generate your own Fiddler key/root ca!
# Usage:
# - Start mitmproxy / mitmweb once, to populate the `.mitmproxy` dir
# - Execute this script
# - Copy the mitmproxy certs into `C:\Users\<username>\.mitmproxy` aka. `/home/<username>/.mitmproxy`, overwriting existing files
# - Start mitmproxy / mitmweb
# - Import `FiddlerRoot.cer` in your to-be-monitored device and set proxy address/port according to your monitoring host
# EE: End Entity
# Notes from https://github.com/vcsjones/FiddlerCertGen
ROOT_CERT_ALGO="ECDSA_P384"
ROOT_CERT_HASH_ALGO="SHA384"
EE_CERT_HASH_ALGO="SHA256"
EE_CERT_ALGO="ECDSA_P256"
ROOT_RSA_KEY_SIZE=2048
EE_RSA_KEY_SIZE=2048
FIDDLER_ROOT_DN="CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com"
FIDDLER_EE_DN="CN=DO_NOT_TRUST_Fiddler, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com"
FIDDLER_EE_PRIVATE_KEY_NAME="FIDDLER_EE_KEY"
FIDDLER_ROOT_PRIVATE_KEY_NAME="FIDDLER_ROOT_KEY_2"
echo "Deleting old files..."
rm -f ./gen/fiddler/*
rm -f ./gen/mitmproxy/*
rm -f ./privkey.pem
echo "Generating new.."
openssl genrsa -out privkey.pem $ROOT_RSA_KEY_SIZE
openssl req -x509 -new -nodes -key privkey.pem -sha256 -days 1826 -out root_ca.pem \
-subj '/CN=DO_NOT_TRUST_FiddlerRoot/O=DO_NOT_TRUST/OU=Created by http:\/\/www.fiddler2.com'
# Convert from PEM to DER format
openssl x509 -in root_ca.pem -outform DER -out root_ca.der
echo "Creating Fiddler format"
mkdir -p ./gen/fiddler/
cat root_ca.der > ./gen/fiddler/FiddlerRoot.cer
echo "Creating mitmproxy format"
# Note: We do not care about pkcs12 here
mkdir -p ./gen/mitmproxy/
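# Key + CA cert bundle (contains the private key, so restrict it to the current user)
cat privkey.pem root_ca.pem > ./gen/mitmproxy/mitmproxy-ca.pem
chmod 600 ./gen/mitmproxy/mitmproxy-ca.pem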
# Only CA cert
cat root_ca.pem > ./gen/mitmproxy/mitmproxy-ca-cert.pem
cat root_ca.pem > ./gen/mitmproxy/mitmproxy-ca-cert.cer
echo "Setup your to-be-monitored device with FiddlerRoot.cer"
echo "Copy mitmproxy certs to ~/.mitmproxy/ and start mitmproxy via 'mitmweb'"
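Before copying the generated files anywhere, it is worth checking that they are consistent with each other. The following is an added example, not part of the gist: a hypothetical `verify_ca_files` function that checks the key/cert bundle against the DER file and the expected subject CN, using the output paths the script above writes.

```shell
#!/bin/sh
# Added example, not part of the gist. verify_ca_files is a hypothetical name.
# Usage: verify_ca_files BUNDLE_PEM ROOT_DER EXPECTED_CN
# Prints the first failed check and returns non-zero; prints OK otherwise.
verify_ca_files() {
    bundle=$1 der=$2 want_cn=$3

    # 1. Private key and certificate in the bundle must belong together.
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) || {
        echo "FAIL: no readable private key in $bundle"; return 1; }
    crt_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: no readable certificate in $bundle"; return 1; }
    [ "$key_pub" = "$crt_pub" ] || {
        echo "FAIL: private key does not match certificate"; return 1; }

    # 2. The DER file imported on the device must be that same certificate.
    fp_pem=$(openssl x509 -in "$bundle" -noout -fingerprint -sha256) || return 1
    fp_der=$(openssl x509 -inform DER -in "$der" -noout -fingerprint -sha256 \
        2>/dev/null) || { echo "FAIL: $der is not a DER certificate"; return 1; }
    [ "$fp_pem" = "$fp_der" ] || {
        echo "FAIL: $der differs from the bundle certificate"; return 1; }

    # 3. The subject CN must be the name the device expects.
    subj=$(openssl x509 -in "$bundle" -noout -subject -nameopt RFC2253)
    case "$subj," in
        *"CN=$want_cn,"*) ;;
        *) echo "FAIL: unexpected subject: $subj"; return 1 ;;
    esac

    # 4. It must be a CA certificate that has not expired.
    openssl x509 -in "$bundle" -noout -text | grep -q 'CA:TRUE' || {
        echo "FAIL: basicConstraints CA:TRUE missing"; return 1; }
    openssl x509 -in "$bundle" -noout -checkend 0 >/dev/null || {
        echo "FAIL: certificate expired"; return 1; }

    echo "OK: $subj"
}

# Run the check when called with three arguments, e.g.:
#   sh verify.sh ./gen/mitmproxy/mitmproxy-ca.pem ./gen/fiddler/FiddlerRoot.cer \
#      DO_NOT_TRUST_FiddlerRoot
if [ $# -eq 3 ]; then verify_ca_files "$@"; fi
```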