LinuxCommandLibrary

mitmdump

TLDR

Start proxy on default port
$ mitmdump

Start on specific port
$ mitmdump -p [8888]

Save traffic to file
$ mitmdump -w [traffic.mitm]

Read and replay traffic
$ mitmdump -r [traffic.mitm]

Run with script
$ mitmdump -s [script.py]

Filter requests by URL
$ mitmdump --set flow_detail=3 "~u example.com"

Transparent proxy mode
$ mitmdump --mode transparent

Ignore specific hosts
$ mitmdump --ignore-hosts "^example\.com$"

SYNOPSIS

mitmdump [-p port] [-w file] [-r file] [-s script] [--mode mode] [options] [filter]

DESCRIPTION

mitmdump is the command-line companion to mitmproxy, a powerful HTTPS proxy for debugging, testing, and security analysis. It captures and manipulates HTTP/HTTPS traffic.
The tool acts as a man-in-the-middle proxy. For HTTPS, it generates certificates on the fly, which lets it decrypt and inspect encrypted traffic. Clients must trust mitmproxy's CA certificate for this to work.
Traffic can be saved (-w) and replayed (-r) for analysis or testing. Saved flows include complete request/response data with timing information.
Python scripts (-s) enable programmatic traffic manipulation. Scripts define hooks like request(), response(), and clientconnect() to modify or analyze traffic in real time.
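
An added example of a script for -s (not code from this page or from the mitmproxy project): a response() hook that flags HTTPS responses missing common security headers or setting cookies without Secure/HttpOnly. The file name audit_headers.py, the header list, and the "header_audit" metadata key are assumptions made for illustration.

```python
# audit_headers.py (hypothetical file name). Run with: mitmdump -s audit_headers.py
import logging

# Assumed baseline of response headers to require; adjust to your own policy.
REQUIRED = ("strict-transport-security", "x-content-type-options",
            "content-security-policy")


def weak_cookies(set_cookie_values):
    """Return (cookie_name, missing_attributes) for each weak Set-Cookie value."""
    findings = []
    for raw in set_cookie_values:
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [a for a in ("secure", "httponly") if a not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


def audit(header_names, set_cookie_values):
    """Pure check with no mitmproxy dependency, so it can be unit-tested."""
    present = {n.lower() for n in header_names}
    issues = [f"missing header: {h}" for h in REQUIRED if h not in present]
    issues += [f"cookie {n} lacks {', '.join(m)}"
               for n, m in weak_cookies(set_cookie_values)]
    return issues


def response(flow):
    """mitmproxy hook: called once a full server response has been read."""
    if flow.request.scheme != "https":
        return  # HSTS and Secure cookies are only meaningful over HTTPS
    headers = flow.response.headers
    issues = audit(headers.keys(), headers.get_all("set-cookie"))
    if issues:
        flow.metadata["header_audit"] = issues  # attach findings to the flow
        logging.warning("%s: %s", flow.request.pretty_url, "; ".join(issues))
```

The script only reads traffic; it does not modify requests or responses.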
Filter expressions select specific flows: ~u for URL, ~m for method, ~b for body content, ~h for headers. Filters can combine with & (and), | (or), and ! (not).
Modes include: regular (explicit proxy), transparent (network-level interception), reverse (forward to specific server), and upstream (chain to another proxy).

PARAMETERS

-p PORT, --listen-port PORT
Proxy listen port (default: 8080).
-w FILE
Write flows to file.
-r FILE
Read flows from file.
-s SCRIPT
Run Python script.
--mode MODE
Proxy mode: regular, transparent, socks5, reverse, upstream.
--listen-host HOST
Listen host.
--ssl-insecure
Don't verify server SSL certificates.
--ignore-hosts PATTERN
Ignore hosts matching regex.
--intercept FILTER
Intercept flows matching filter.
--modify-body SPEC
Modify response body.
--modify-headers SPEC
Modify headers.
--set KEY=VALUE
Set option value.
--flow-detail LEVEL
Output detail level (0-3).
-q, --quiet
Suppress output.
-k, --insecure
Don't verify upstream SSL.

CAVEATS

HTTPS interception requires clients to trust the mitmproxy CA. Some applications pin certificates. Transparent mode needs iptables/pf configuration. Large traffic volumes use significant memory. Recording all traffic impacts performance.

HISTORY

mitmproxy and mitmdump were created by Aldo Cortesi around 2010. The project grew from security research tools into a widely used proxy suite. It's essential for mobile app debugging, API development, and security testing.

SEE ALSO
