An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Go to file
Aldo Cortesi 6cb40d03f4 Fix a number of small UI infelicities.
- Make request/response view switching behave sensibly
- Avoid having an empty string appear in connection view text. This makes urwid
misbehave.
- Make it clear that intercept and cookies specifications are filters.
2011-03-13 21:16:42 +13:00
doc-src Stub out doc structure, add screenshots for configuring certs in Firefox. 2011-02-19 19:43:44 +13:00
examples First pass of script hooks for mitmdump. 2011-02-18 12:40:45 +13:00
libmproxy Fix a number of small UI infelicities. 2011-03-13 21:16:42 +13:00
test Fix a traceback sometimes triggered viewing a connection with no response. 2011-03-13 20:03:13 +13:00
.gitignore Simple record & playback functionality 2011-02-10 02:59:51 +01:00
CHANGELOG Release mitmproxy 0.2 2010-03-01 17:25:27 +13:00
LICENSE Initial checkin. 2010-02-16 17:09:07 +13:00
MANIFEST.in Initial checkin. 2010-02-16 17:09:07 +13:00
mitmdump Unify mitmproxy and mitmdump commandline 2011-03-12 14:30:12 +13:00
mitmproxy Fix a number of small UI infelicities. 2011-03-13 21:16:42 +13:00
README.mkd Make README reflect reality. 2011-02-21 12:11:41 +13:00
setup.py Fix setup.py 2011-02-21 12:04:24 +13:00
todo Add -c and -C options to mitmdump to control sticky cookies. 2011-02-25 17:32:03 +13:00

mitmproxy is an interactive SSL-capable intercepting HTTP proxy. It lets you to observe, modify and replay requests and responses on the fly. The underlying library that mitmproxy is built on can also be used to do these things programmatically.

By default, mitmproxy starts up with a mutt-like interactive curses interface - the built-in help page (which you can view by pressing "?") will tell you everything you need to know. Note that requests and responses are stored in-memory until you delete them, so leaving mitmproxy running indefinitely or requesting very large amounts of data through it is a bad idea.

SSL

The first time mitmproxy is started, it will generate a bogus SSL certificate authority (the default location is ~/.mitmproxy/ca.pem). This CA is used to generate certificates for SSL requests on-the-fly. To avoid the hassle of having to accept these certificates individually, you can add the certificate authority to your browser or globally to your system.

Documentation

A rendered version of the docs for the latest release can be found here:

http://corte.si/projects.html

Download

Releases can be found here: http://corte.si/projects.html

Source is hosted here: http://github.com/cortesi/mitmproxy

Requirements

  • A recent Python interpreter.
  • SSL certificates are generated using openssl
  • The curses interface relies on version 0.9.8 or newer of the urwid library.
  • The test suite uses the pry unit testing library.

You should also make sure that your console environment is set up with the following:

  • EDITOR environment variable to determine the external editor.
  • PAGER environment variable to determine the external pager.
  • Appropriate entries in your mailcap files to determine external viewers for request and response contents.