I tried to use --ignore-hosts to ignore some domains like
mitmproxy --ignore-hosts .facebook.com
I assume that "--ignore-hosts" means: ignored hosts will not be intercepted and would be just forwarded/passthru.
I can now proxy all sites with mitmproxy's CA and inspect the traffic.
However, I cannot browse facebook.com with Firefox at all and will get
Secure Connection Failed
An error occurred during a connection to www.facebook.com.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem.
is it due to firefox? Or I understand it wrong and mitmproxy just refuse to process "ignored hosts"?!
The
--ignore-hostsoption expects a regular expression. If you set it to.facebook.comit does not matchfacebook.combecause the regular expression requires one additional character at the beginning.If you want to ignore
facebook.com, and all of it's subdomains you have to use the following regular expression:See also https://docs.mitmproxy.org/stable/howto-ignoredomains/#tutorial