An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Go to file
2011-02-16 11:20:00 +13:00
doc-src Documentation updates. 2011-01-25 10:59:50 +13:00
examples Initial checkin. 2010-02-16 17:09:07 +13:00
libmproxy drop unused protocol parameter from Response 2011-02-15 22:24:38 +01:00
test Repair unit test to match removal of arg from Response class. 2011-02-16 11:20:00 +13:00
.gitignore Simple record & playback functionality 2011-02-10 02:59:51 +01:00
CHANGELOG Release mitmproxy 0.2 2010-03-01 17:25:27 +13:00
LICENSE Initial checkin. 2010-02-16 17:09:07 +13:00
MANIFEST.in Initial checkin. 2010-02-16 17:09:07 +13:00
mitmdump Implement a dummy CA 2011-02-10 02:59:51 +01:00
mitmplayback Implement a dummy CA 2011-02-10 02:59:51 +01:00
mitmproxy Implement a dummy CA 2011-02-10 02:59:51 +01:00
mitmrecord Implement a dummy CA 2011-02-10 02:59:51 +01:00
README.mkd Simple record & playback functionality 2011-02-10 02:59:51 +01:00
setup.py Simple record & playback functionality 2011-02-10 02:59:51 +01:00
todo Rip out BeautifulSoup, and use a custom XML-ish prettyprinter. 2011-02-06 14:17:30 +13:00

This version is modified to add recording and playback capabilities enabling mitmproxy to record a complete session and allow clients to play back the same session against the recorded data.

The store is enabled by using the --store=.. option to mitmproxy or by using the noninteractive mitmrecord program.

To play back a recorded session use the mitmplayback program.

Original README follows:

mitmproxy is an interactive SSL-capable intercepting HTTP proxy. It lets you to observe, modify and replay requests and responses on the fly. The underlying library that mitmproxy is built on can also be used to do these things programmatically.

By default, mitmproxy starts up with a mutt-like interactive curses interface - the built-in help page (which you can view by pressing "?") will tell you everything you need to know. Note that requests and responses are stored in-memory until you delete them, so leaving mitmproxy running indefinitely or requesting very large amounts of data through it is a bad idea.

SSL

The first time mitmproxy is started, it will generate a bogus SSL certificate (the default location is ~/.mitmproxy/cert.pem). This certificate will be used for the browser-side of intercepted traffic. Because it won't match any domain you visit, and won't verify against any certificate authority, you will have to add an exception for each site you visit. SSL requests are intercepted by simply assuming that all CONNECT requests are https. The connection from the browser is wrapped in SSL, and we read the request by pretending to be the connecting server. We then open an SSL request to the destination server, and replay the request.

Documentation

A rendered version of the docs for the latest release can be found here:

http://corte.si/projects

Download

Releases can be found here: http://corte.si/projects

Source is hosted here: http://github.com/cortesi/mitmproxy

Requirements

  • A recent Python interpreter.
  • SSL certificates are generated using openssl
  • The curses interface relies on version 0.9.8 or newer of the urwid library.
  • The test suite uses the pry unit testing library.

You should also make sure that your console environment is set up with the following:

  • EDITOR environment variable to determine the external editor.
  • PAGER environment variable to determine the external pager.
  • Appropriate entries in your mailcap files to determine external viewers for request and response contents.