Mitmproxy 7.0

Mitmproxy is so awesome, I use it all the time! Can recommend it for anyone who needs to do some fiddling with HTTP(S) traffic for debugging &#x2F; reverse engineering purposes.<p>I&#x27;m slightly too much of a GUI person to use it in a &quot;explorative&quot; phase, then I&#x27;m more a fan of Charles&#x2F;Proxyman, but whenever I wanna modify the traffic or do some scripting to i.e log certain traffic, I reach for Mitmproxy.

Mitmproxy was an interesting solution to a problem I had a few weeks ago. One of my IT support gigs was trying to use &quot;Mevo&quot;-branded cameras to stream some live events to Facebook using an iPad. We had to use the venue&#x27;s Wi-Fi network. We found the Mevo app would not detect that we were &quot;connected to the Internet&quot; and wouldn&#x27;t allow us to stream.<p>The venue&#x27;s network admin said they weren&#x27;t filtering anything outbound to the Internet. We could access websites from the iPad just fine. Same w&#x2F; Facebook, Youtube, etc.<p>I put up Mitmproxy, an adhoc Wi-Fi network on a second Wi-Fi NIC, a DHCP server, and iptables NAT on my laptop. I set the iPad to use my adhoc SSID and my machine as an explicit HTTP proxy. My intention was to snoop on the traffic to determine what Mevo was using for criteria to consider being &quot;connected&quot;.<p>For whatever reason the Mevo app just started working in this configuration. I ended up sticking a spare Wi-Fi router and a PC w&#x2F; Mitmproxy installed in the venue for the duration of the event. I never did figure out what the Mevo app didn&#x27;t like about the venue&#x27;s network.

Does anyone know how the story currently is for MITM&#x27;ing Android?<p>I had fun reverse engineering app APIs a few years back, but I looked into it again more recently and found that Android has started pinning certificates by default even on apps that didn&#x27;t pin anything themselves. I also had trouble getting my custom certificate to be used at all, when it used to be pretty easy.<p>Can Frida still bypass pinning, even this new default one, or is it done at OS level?

Mitmproxy dev here, happy to answer any questions! :)

Is anyone using this for page rewriting? Not just for the all-important ad blocking but removing the whitespace where the removed ad was, rewriting autoplay videos and gifs into click-to-play, etc. So many apps have web views that the doing it in the browser is a step backwards.<p>I used to do all my rewrite via a proxy but it stopped being particularly useful when https became almost universal.

Such an amazing and well-maintained tool!!!<p>Anyone interested in sharing use-cases where it has helped you?

I’ve used this tool to identify and fix security issues and have also taught software testers how to use it just to spread the love and knowledge. Kudos!

That sans io core sure sounds like a free monad interpreter.