LinuxCommandLibrary

mitmweb

Inspect and modify HTTP/HTTPS traffic

TLDR

Start mitmweb with default settings

$ mitmweb

Start mitmweb bound to a custom address and port
$ mitmweb --listen-host [ip_address] --listen-port [port]

Start mitmweb using a script to process traffic
$ mitmweb --scripts [path/to/script.py]

SYNOPSIS

mitmweb [options] [filter_expression]

Examples:
mitmweb -p 8080 --mode transparent
mitmweb --web-port 8081 --set stream_large_bodies=1m
mitmweb "~q google.com"

PARAMETERS

--listen-host
    Host address for the proxy listener to bind to (e.g., 0.0.0.0 for all interfaces).

--listen-port, -p
    Port for the proxy listener. Default is 8080.

--mode
    Proxy operation mode: regular, transparent, reverse:spec, or socks5.

--web-host
    Host address for the mitmweb UI to bind to. Default is 127.0.0.1.

--web-port
    Port for the mitmweb UI. Default is 8081.

--set
    Set a specific mitmproxy option (e.g., stream_large_bodies=1m, a size threshold).

--confdir
    Directory for configuration files, including SSL certificates.

--ssl-insecure
    Disable verification of upstream server SSL certificates.

--ignore-hosts
    Traffic to hosts matching the regex bypasses the proxy.

--allow-hosts
    Only traffic to hosts matching the regex is proxied.

--anticache
    Strip Cache-Control and If-Modified-Since headers from requests.

--upstream-proxy
    Chain to another upstream proxy (e.g., http://localhost:8080).

--filter
    Apply an initial filter expression to the displayed flows in the UI.

DESCRIPTION

mitmweb serves as the web-based graphical user interface (GUI) for the powerful mitmproxy tool. mitmproxy itself is an interactive, SSL/TLS-capable intercepting HTTP proxy, primarily used for debugging, testing, and security assessments of network applications. mitmweb extends this functionality by providing a convenient browser-accessible interface that allows users to inspect, filter, modify, replay, and save HTTP/HTTPS traffic.

It's particularly useful for those who prefer a visual workflow over a command-line interface, enabling easier navigation through complex network flows, quick editing of requests/responses, and real-time monitoring of communication. Built on the same core as mitmproxy and mitmdump, mitmweb inherits all their robust features, including support for various proxy modes (regular, transparent, reverse, SOCKS5) and powerful Python scripting for automating tasks and advanced traffic manipulation. It simplifies the process of understanding and interacting with network protocols, making it an invaluable tool for developers, QA engineers, and security researchers.

CAVEATS

  • Root/Sudo Privileges: Running mitmweb in transparent mode on privileged ports (below 1024) typically requires root or sudo privileges.
  • Certificate Trust: For HTTPS interception, the mitmproxy CA certificate must be installed and trusted by the client device or browser to avoid security warnings.
  • Performance: While powerful for debugging and development, mitmweb is not designed for high-volume production proxying or load-testing.
  • Python Dependency: Requires a Python environment to be installed and configured.

MODES OF OPERATION

mitmweb supports several proxy modes, inheriting them from the mitmproxy core:

  • Regular Proxy: Clients explicitly configure mitmweb as their HTTP/HTTPS proxy.
  • Transparent Proxy: Traffic is redirected to mitmweb without client-side configuration, often through firewall rules. This typically requires specific operating system setup and root privileges.
  • Reverse Proxy: mitmweb acts as a frontend to a specific upstream server, making it appear as if mitmweb is the origin server.
  • SOCKS5 Proxy: A general-purpose proxy that can handle various types of network traffic, not just HTTP/HTTPS.

CERTIFICATE INSTALLATION FOR HTTPS

To intercept and decrypt HTTPS traffic, mitmweb generates its own Certificate Authority (CA) certificate. For this to work without security warnings, this CA certificate must be installed and trusted on the client device (e.g., browser, mobile phone, operating system). The easiest way to do this is by navigating to http://mitm.it through the proxy, which provides instructions and download links for the CA certificate.

SCRIPTING AND AUTOMATION

Like mitmproxy, mitmweb offers powerful event-driven Python scripting capabilities. Users can write Python scripts that intercept and modify traffic on the fly, automate tests, or implement custom logic. These scripts can interact with various events in the proxy's lifecycle (e.g., request received, response sent) and can be loaded via the --scripts option (though often managed outside the direct mitmweb command-line invocation in more complex setups).
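
As an added example (not part of the original page or the mitmproxy project), here is a passive addon that audits each response for missing security headers and weak cookie flags. It is loaded with mitmweb --scripts audit_headers.py. The file name, the REQUIRED policy and the sample flow are assumptions made for illustration, and flow.comment is available in recent mitmproxy versions.

```python
# audit_headers.py: passive response audit (added example, not mitmproxy's own code)
import logging
from types import SimpleNamespace

# Assumed policy for this example: headers every response should carry.
REQUIRED = ("Content-Security-Policy", "X-Content-Type-Options")

def set_cookies(headers):
    """Return every Set-Cookie value as a list."""
    # mitmproxy's Headers object has get_all(); the plain dict in the sample does not.
    get_all = getattr(headers, "get_all", None)
    if get_all:
        return list(get_all("Set-Cookie"))
    return [headers["Set-Cookie"]] if "Set-Cookie" in headers else []


def audit(scheme, headers):
    """Return a list of findings for one response's headers."""
    findings = [f"missing {h}" for h in REQUIRED if not headers.get(h)]
    if scheme == "https" and not headers.get("Strict-Transport-Security"):
        findings.append("missing Strict-Transport-Security")
    for cookie in set_cookies(headers):
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.split("=", 1)[0].strip().lower() for a in cookie.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {name} lacks {flag}")
    return findings


class HeaderAudit:
    def response(self, flow):
        """Hook mitmproxy calls once a complete response has been received."""
        findings = audit(flow.request.scheme, flow.response.headers)
        if findings:
            flow.comment = "; ".join(findings)  # attach the result to the flow
            logging.warning("%s: %s", flow.request.pretty_url, flow.comment)
        return findings


addons = [HeaderAudit()]  # mitmproxy loads hooks from this module-level list


def sample_flow():
    """Constructed stand-in for a mitmproxy flow, so the logic runs offline."""
    req = SimpleNamespace(scheme="https", pretty_url="https://app.example/login")
    resp = SimpleNamespace(headers={"X-Content-Type-Options": "nosniff",
                                    "Set-Cookie": "sid=abc123; Path=/; HttpOnly"})
    return SimpleNamespace(request=req, response=resp, comment="")
```

The addon only reads traffic; findings appear as the flow's comment and in the log.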

HISTORY

mitmproxy, the project behind mitmweb, was initially released in 2010 by @cortesi. As the core project evolved, the need for a more accessible, browser-based interface became apparent. mitmweb was subsequently introduced as a part of the mitmproxy suite, leveraging the same robust proxy engine while providing a rich graphical user interface. This allowed users to interact with traffic flows visually, making it easier to filter, modify, and analyze data without needing to master command-line intricacies. It has since been actively developed and maintained by the mitmproxy community, continuously integrating new features and improving usability.

SEE ALSO

mitmproxy(1), mitmdump(1), curl(1), wget(1), tcpdump(1), openssl(1)
