LinuxCommandLibrary

mitmproxy

Intercept, inspect, and modify network traffic

TLDR

Start mitmproxy with default settings (will listen on port 8080)
$ mitmproxy

Start mitmproxy bound to a custom address and port
$ mitmproxy --listen-host [ip_address] [[-p|--listen-port]] [port]

Start mitmproxy using a script to process traffic
$ mitmproxy [[-s|--scripts]] [path/to/script.py]

Export the logs with SSL/TLS master keys to external programs (wireshark, etc.)
$ SSLKEYLOGFILE="[path/to/file]" mitmproxy

Specify mode of operation of the proxy server (regular is the default)
$ mitmproxy [[-m|--mode]] [regular|transparent|socks5|...]

Set the console layout
$ mitmproxy --console-layout [horizontal|single|vertical]

Save all proxied traffic to a file for later analysis
$ mitmproxy [[-w|--save-stream-file]] [path/to/dump.mitm]

Replay a previously saved HTTP flow file
$ mitmproxy [[-nr|--no-server --rfile]] [path/to/dump.mitm]

SYNOPSIS

mitmproxy [options] [filters]

PARAMETERS

-p, --listen-port
    The port mitmproxy listens on for incoming connections.

-m, --mode
    Specifies the proxy mode (e.g., regular, transparent, reverse:<spec>, socks5).

-s, --scripts
    Path to a Python script to execute, allowing for custom traffic manipulation.

--set
    Sets a configuration option (e.g., console_default_flow_display_filter='~m post').

--ssl-insecure
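    Disables upstream server certificate verification. Useful for testing against self-signed or invalid certificates. With verification off, mitmproxy cannot tell a genuine upstream server from an impostor, so keep this option to test environments.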

--certs
    Add an SSL certificate to use for interception. Can be specified multiple times.

--ignore-hosts
    A regular expression that matches hostnames which should not be MITM'd.

--allow-hosts
    A regular expression that matches hostnames which should be MITM'd. If both ignore-hosts and allow-hosts are specified, ignore-hosts takes precedence.

DESCRIPTION

mitmproxy is a powerful open-source interactive console tool that functions as an SSL/TLS-capable intercepting proxy. It allows developers, security researchers, and QA engineers to inspect, modify, and replay HTTP/1, HTTP/2, WebSockets, and other TCP connections.

It's often used for debugging web applications, security testing, and API exploration. Beyond its interactive console interface, mitmproxy also includes mitmdump for programmatic traffic manipulation via Python scripts and mitmweb for a web-based interface. Its core functionality involves acting as a man-in-the-middle, intercepting traffic, decrypting SSL/TLS, and then presenting it for analysis or modification before forwarding it. It supports various proxy modes, including transparent and regular HTTP proxy.

CAVEATS

Requires trust of mitmproxy's root CA certificate on the client device to decrypt HTTPS/TLS traffic.
Can be used for malicious purposes if installed unknowingly on a system.
Performance can be affected by high traffic volume due to decryption and inspection overhead.
Some applications employ SSL (certificate) pinning, which defeats mitmproxy's interception because the client rejects the certificates mitmproxy generates.

CERTIFICATE MANAGEMENT

mitmproxy automatically generates and manages its own SSL/TLS certificates. For HTTPS interception, the client device needs to trust mitmproxy's root CA certificate, which can be easily installed by browsing to mitm.it through the proxy.

SCRIPTING WITH PYTHON

One of mitmproxy's most powerful features is its extensibility via Python scripts. Users can write custom scripts to programmatically modify requests and responses, inject data, log specific events, or automate complex testing scenarios. This is typically done via mitmdump or directly from mitmproxy using the -s option.
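
A read-only addon of the kind described above, added here as an illustration (it is not mitmproxy's or this page's own code): it logs responses that lack common security headers or cookie flags and changes nothing in transit. The file name audit_headers.py, the policy list and the helper audit_response are assumptions of this example.

```python
"""Passive audit addon. Load with: mitmproxy -s audit_headers.py (file name assumed)."""
import logging

# Headers expected on every HTTPS response (policy list chosen for this example).
REQUIRED_HTTPS_HEADERS = ("strict-transport-security", "x-content-type-options")


def audit_response(scheme, headers, set_cookies):
    """Return a list of findings for one response.

    scheme      -- "http" or "https" (scheme of the request)
    headers     -- mapping of lower-cased header name -> value
    set_cookies -- list of raw Set-Cookie header values
    """
    findings = []
    if scheme == "https":
        for name in REQUIRED_HTTPS_HEADERS:
            if name not in headers:
                findings.append(f"missing header: {name}")
    for raw in set_cookies:
        # Report the cookie name only, so session values never reach the log.
        name = raw.split("=", 1)[0].strip()
        # Attribute names are case-insensitive; keep the part before any "=".
        attrs = {part.split("=", 1)[0].strip().lower() for part in raw.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: no HttpOnly")
        if scheme == "https" and "secure" not in attrs:
            findings.append(f"cookie {name}: no Secure")
    return findings


class HeaderAudit:
    """mitmproxy calls response() once for each completed HTTP response."""

    def response(self, flow):
        headers = {k.lower(): v for k, v in flow.response.headers.items()}
        cookies = flow.response.headers.get_all("set-cookie")
        for finding in audit_response(flow.request.scheme, headers, cookies):
            logging.warning("%s: %s", flow.request.pretty_url, finding)


# mitmproxy loads the objects listed in the module-level `addons` list.
addons = [HeaderAudit()]
```

The same script runs unattended under mitmdump with the same -s option.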

PROXY MODES

mitmproxy supports various modes:
Regular Proxy: The client explicitly configures the proxy.
Transparent Proxy: Traffic is redirected to mitmproxy without client configuration, often via firewall rules.
Reverse Proxy: mitmproxy acts as a front-end to a specific upstream server.
SOCKS5 Proxy: Supports SOCKS5 proxy protocol.

HISTORY

mitmproxy was first released in 2010. It quickly gained popularity as an open-source alternative to commercial proxy tools like Burp Suite, particularly for its scriptability and command-line interface. Its development has been community-driven, continuously adding support for newer protocols (like HTTP/2 and WebSockets) and features, evolving from a simple proxy into a comprehensive network debugging and testing suite. It is written in Python.

SEE ALSO

curl(1), wget(1), tcpdump(8), wireshark(1), mitmdump, mitmweb
