mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on-the-fly, modify them before they reach their destination, and replay them to a client or server later on.
Use mitmproxy’s main features in a graphical interface withmitmweb. Do you like Chrome’s DevTools? mitmweb gives you a similar experience for any other application or device, plus additional features such as request interception and replay.
- Intercept HTTP & HTTPS requests and responses and modify them on the fly
- Save complete HTTP conversations for later replay and analysis
- Replay the client-side of an HTTP conversations
- Replay HTTP responses of a previously recorded server
- Reverse proxy mode to forward traffic to a specified server
- Transparent proxy mode on OSX and Linux
- Make scripted changes to HTTP traffic using Python
- SSL/TLS certificates for interception are generated on the fly
- And much, much more…
- mitmproxy is a console tool that allows interactive examination and modification of HTTP traffic. It differs from mitmdump in that all flows are kept in memory, which means that it’s intended for taking and manipulating small-ish samples. Use the
?shortcut key to view, context-sensitive documentation from any mitmproxy screen.
- mitmweb is mitmproxy’s web-based user interface that allows interactive examination and modification of HTTP traffic. Like mitmproxy, it differs from mitmdump in that all flows are kept in memory, which means that it’s intended for taking and manipulating small-ish samples.
- mitmdump is the command-line companion to mitmproxy. It provides tcpdump-like functionality to let you view, record, and programmatically transform HTTP traffic. See the
--helpflag output for complete documentation.
Mitmproxy’s addon mechanism consists of a set of APIs that support components of any complexity. Addons interact with mitmproxy by responding to events, which allow them to hook into and change mitmproxy’s behaviour. They are configured through options, which can be set in mitmproxy’s config file, changed interactively by users, or passed on the command-line. Finally, they can expose commands, which allows users to invoke their actions either directly or by binding them to keys in the interactive tools.
Addons are an exceptionally powerful part of mitmproxy. In fact, much of mitmproxy’s own functionality is defined in a suite of built-in addons, implementing everything from functionality like anticaching and sticky cookies to our onboarding webapp. The built-in addons make for instructive reading, and you will quickly see that quite complex functionality can often boil down to a very small, completely self-contained modules. Mitmproxy provides the exact same set of facilities it uses for its own functionality to third-party scripters and extenders.