LinuxCommandLibrary

mitmproxy

Intercept, inspect, and modify network traffic

TLDR

Start mitmproxy with default settings (will listen on port 8080)

$ mitmproxy
copy

Start mitmproxy bound to a custom address and port
$ mitmproxy --listen-host [ip_address] [[-p|--listen-port]] [port]
copy

Start mitmproxy using a script to process traffic
$ mitmproxy [[-s|--scripts]] [path/to/script.py]
copy

Export the logs with SSL/TLS master keys to external programs (wireshark, etc.)
$ SSLKEYLOGFILE="[path/to/file]" mitmproxy
copy

Specify mode of operation of the proxy server (regular is the default)
$ mitmproxy [[-m|--mode]] [regular|transparent|socks5|...]
copy

Set the console layout
$ mitmproxy --console-layout [horizontal|single|vertical]
copy

SYNOPSIS

mitmproxy [options] [script]

PARAMETERS

-h, --help
    Show a help message and exit.

-p PORT, --listen-port PORT
    Port to listen on (default: 8080).

-a ADDRESS, --listen-host ADDRESS
    Address to listen on (default: '').

--mode MODE
    Proxy mode (default: regular). Can be regular, transparent, reverse, socks5, upstream:SPEC, or offscreen.

-s SCRIPT, --script SCRIPT
    Path to a Python script to use as an add-on.

--set KEY=VALUE
    Set an option.

--version
    Show program's version number and exit.

--no-http2
    Disable HTTP/2 support.

--ssl-insecure
    Disable certificate verification.

DESCRIPTION

mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface. It allows you to intercept, inspect, modify and replay HTTP/1, HTTP/2, HTTP/3, WebSocket, TLS/SSL, and other TCP traffic. It's useful for debugging, testing, privacy research, and security assessments. Unlike simpler proxies, mitmproxy provides a rich interface for inspecting and manipulating traffic flows in real-time. You can view HTTP headers, modify request and response bodies, inject custom scripts, and even replay captured sessions. It supports various add-ons to extend its functionality, making it highly customizable. mitmproxy supports scripting in Python, allowing you to automate complex tasks and integrate it with other tools.

CAVEATS

Setting up the client to trust the mitmproxy-generated certificate requires extra steps. This is important to correctly intercept TLS traffic.
HTTP/3 support may be experimental and require specific configurations.

ADDONS

mitmproxy supports addons, which are python scripts that can extend its functionality. These add-ons can intercept and modify traffic, automate tasks, and integrate with other tools. Addons provide a powerful way to customize mitmproxy to meet specific needs.

PROXY MODES

mitmproxy offers several proxy modes including regular, transparent, reverse, and socks5, which allows to adapt the tool to different network scenarios.

SEE ALSO

tcpdump(1), wireshark(1)

Copied to clipboard