mitmproxy

TLDR

Start mitmproxy on the default port (8080)

$ mitmproxy

Start on a specific port

$ mitmproxy -p [8888]

Start in reverse proxy mode

$ mitmproxy -m reverse:https://[example.com]

Start in transparent proxy mode

$ mitmproxy -m transparent

Load a Python script for traffic manipulation

$ mitmproxy -s [path/to/script.py]

Read flows from a file

$ mitmproxy -r [flows.mitm]

Ignore specific hosts

$ mitmproxy --ignore-hosts '^example\.com$'

Start web interface instead of console

$ mitmweb

SYNOPSIS

mitmproxy [options]
mitmdump [options]
mitmweb [options]

mitmproxy is an interactive man-in-the-middle proxy for HTTP and HTTPS traffic. It allows inspection, modification, and replay of web traffic through a console interface. The suite includes three tools: mitmproxy (console UI), mitmweb (web UI), and mitmdump (command-line only).
The proxy works by intercepting connections and presenting its own certificate to clients. Install the mitmproxy CA certificate on clients to avoid SSL warnings. Traffic flows can be filtered, modified with Python scripts, or saved for later analysis.
Proxy modes include regular (explicit proxy), transparent (network-level interception), reverse (forwarding to upstream), and SOCKS5. Python addons can modify requests and responses, implement custom logic, or integrate with other tools.

PARAMETERS

-p PORT, --listen-port PORT

Proxy service port (default: 8080)

-m MODE, --mode MODE

Proxy mode: regular, transparent, socks5, reverse:SPEC, upstream:SPEC

-T, --transparent

Enable transparent proxy mode

--socks

Enable SOCKS5 proxy mode

-R URL, --reverse URL

Reverse proxy to upstream server (http[s]://host[:port])

-s SCRIPT

Path to Python script for flow manipulation

-r FILE

Read flows from file

-w FILE

Write flows to file

--ignore-hosts REGEX

Regex matching hosts to ignore (not intercepted)

--allow-hosts REGEX

Regex matching hosts to intercept

--anticache

Strip cache headers to prevent 304 responses

--insecure

Do not verify upstream SSL/TLS certificates

--cert SPEC

Add SSL certificate (path or directory)

--cadir DIR

Location of CA files (default: ~/.mitmproxy)

--no-http2

Disable HTTP/2 support

-q, --quiet

Quiet mode

-n, --no-server

Don't start a proxy server

--options

Dump all options as YAML

-h, --help

Show help message

CAVEATS

Intercepting HTTPS requires clients to trust the mitmproxy CA certificate, which can be found in ~/.mitmproxy. Transparent mode requires additional system configuration (iptables on Linux). Some applications implement certificate pinning and will refuse connections through mitmproxy. Intercepting traffic without authorization may violate laws.

HISTORY

mitmproxy was created by Aldo Cortesi and first released in 2010. Written in Python, it became a standard tool for web application security testing and debugging. The project introduced innovative features like the web interface (mitmweb) and a powerful scripting API. It gained widespread adoption among security researchers, developers, and QA engineers for analyzing HTTP traffic.