
mhils | 2 years ago

I can answer this as one of the mitmproxy devs: We've been doing this for 10+ years as FOSS, we're a relatively well-known project (so lots of eyes hopefully), our software has absolutely zero telemetry / phone home functionality, and we're developing under our real names. We also have relevant backgrounds in either the security industry or academia, and absolutely no plans to monetize mitmproxy.

Does that make it guaranteed to be safe? Not really. I'd personally trust our TLS stack over most IoT TLS implementations, but Chrome/Firefox/Safari will do a better job at e.g. revocation checking. That being said, I'd argue that this is unlikely to be the weakest link in your threat model.
