Mitmproxy – Open-source console-based proxy

Don&#x27;t forget mitmdump. It is a great way to log sessions and chain to other proxies at the same time.<p>Also, mitmdump is one of the best and fastest ways to get ahold of web requests with Python to modify it on the fly.<p><a href="http:&#x2F;&#x2F;docs.mitmproxy.org&#x2F;en&#x2F;stable&#x2F;mitmdump.html" rel="nofollow">http:&#x2F;&#x2F;docs.mitmproxy.org&#x2F;en&#x2F;stable&#x2F;mitmdump.html</a><p>I have been using mitmproxy over Burp for day to day web app hacking these days. But we still use Burp scanner for lots of chores. I almost always chain through both to then go back in and use Burp features missing in mitmproxy (exploring site contents, etc.). But those are edge cases mostly needed for professional use and not for tinkering.

It&#x27;s not just a console, it also has a web based interface: <a href="http:&#x2F;&#x2F;docs.mitmproxy.org&#x2F;en&#x2F;stable&#x2F;mitmweb.html" rel="nofollow">http:&#x2F;&#x2F;docs.mitmproxy.org&#x2F;en&#x2F;stable&#x2F;mitmweb.html</a>

This tool recently helped me troubleshoot a bug I was facing and unable to solve due to the lack of Safari&#x27;s development tools. Here&#x27;s a link for anyone interested: <a href="http:&#x2F;&#x2F;eapen.in&#x2F;mitmproxy-for-troubleshooting&#x2F;" rel="nofollow">http:&#x2F;&#x2F;eapen.in&#x2F;mitmproxy-for-troubleshooting&#x2F;</a>

one of the best tools for reverse engineering mobile apps. I&#x27;m just having problems when certificate pinning is enabled. Does anyone have an idea (or even a solution) how to deal with that?

Just what I was looking for.<p>All I wanted to do was change a request header for one host.<p>After ~15 minutes I now have a transparent MITM https proxy - and I didn&#x27;t even have to google the openssl command.<p>Edit: Also, the documentation is excellent as the software.

This tool has really helped me on several occasions with a wide variety of issues up and down the stack. Even with debugging web apps because while the chrome Dev tools are awesome they (at least at the time as far as I know) didn&#x27;t expose the initial headers&#x2F;network exchange for certain types of auth like NTLM.

<a href="https:&#x2F;&#x2F;docs.mitmproxy.org&#x2F;en&#x2F;latest&#x2F;mitmproxy.html" rel="nofollow">https:&#x2F;&#x2F;docs.mitmproxy.org&#x2F;en&#x2F;latest&#x2F;mitmproxy.html</a> Nice TLS work

Although I don&#x27;t contribute to it anymore, I worked on a similar project that seems to have some continued activity:<p><a href="https:&#x2F;&#x2F;github.com&#x2F;lightbody&#x2F;browsermob-proxy" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;lightbody&#x2F;browsermob-proxy</a><p>It&#x27;s Java-based and forked out from some old MITM code from Selenium. It has a bunch of APIs for manipulating traffic, tweaking DNS resolution, rewriting content, etc. Just passing along in case anyone is looking for alternatives.

Beware that it listens on all interfaces by default:<p><a href="https:&#x2F;&#x2F;github.com&#x2F;mitmproxy&#x2F;mitmproxy&#x2F;issues&#x2F;1293" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;mitmproxy&#x2F;mitmproxy&#x2F;issues&#x2F;1293</a><p>I learned this the hard way. If you run a proxy on an unfirewalled machine with public IPv4, it&#x27;s going to be abused <i>really</i> fast. :-(

Mitmproxy works pretty well for HTTPS - but it doesn&#x27;t seem to generate HTTPS certs as well as Fiddler does

Many previous discussions:<p><a href="https:&#x2F;&#x2F;hn.algolia.com&#x2F;?query=mitmproxy&amp;sort=byPopularity&amp;prefix=false&amp;page=0&amp;dateRange=all&amp;type=story" rel="nofollow">https:&#x2F;&#x2F;hn.algolia.com&#x2F;?query=mitmproxy&amp;sort=byPopularity&amp;pr...</a>

I was just looking for something like this. Googling led me to Charles proxy, which seems a pretty capable tool, and I&#x27;m growing fond of it though the Java UI is jarringly ugly.<p>Does anyone have any experience with charles vs mitmproxy?

I love mitmproxy, super easy to use (and to install an interception certificate) and the scripting support makes it very useful for pentesting iOS app traffic etc where I can&#x27;t easily modify the client

I&#x27;ve been using mitmproxy to inspect HTTPS traffic. Are there any Chrome&#x2F;Wireshark configurations to allow me to inspect HTTPS with Wirshark?

Mitmproxy is amazing! And you can get it easily in macOS with brew. Highly recommended

I love Mitmproxy and how easy it is to use! One of my favorite pentesting tools!

mitmproxy is great for iOS and Android pen testing. A must have tool.