An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Go to file
2011-03-19 12:47:37 +13:00
doc-src Docs and todo. 2011-03-19 12:47:37 +13:00
examples First pass of script hooks for mitmdump. 2011-02-18 12:40:45 +13:00
libmproxy Revamp key generation. 2011-03-18 16:45:31 +13:00
test Revamp key generation. 2011-03-18 16:45:31 +13:00
.gitignore Simple record & playback functionality 2011-02-10 02:59:51 +01:00
CHANGELOG Release mitmproxy 0.2 2010-03-01 17:25:27 +13:00
LICENSE Initial checkin. 2010-02-16 17:09:07 +13:00
MANIFEST.in Initial checkin. 2010-02-16 17:09:07 +13:00
mitmdump Unify mitmproxy and mitmdump commandline 2011-03-12 14:30:12 +13:00
mitmproxy Fix a number of small UI infelicities. 2011-03-13 21:16:42 +13:00
README.mkd Docs. 2011-03-19 12:32:44 +13:00
setup.py Minor fix to setup.py. 2011-03-18 10:35:09 +13:00
todo Docs and todo. 2011-03-19 12:47:37 +13:00

mitmproxy is an SSL-capable, intercepting HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

mitmdump is the command-line version of mitmproxy, with the same functionality but without the frills. Think tcpdump for HTTP.

Both tools are fully documentented in the commandline --help flag, and, in the case of mitmproxy, a built-in help page accessible through the ? keyboard shortcut.

Capabilities

  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversations.
  • Replay HTTP responses of a previously recorded server.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.

Download

Releases can be found here: http://corte.si/projects.html

Source is hosted here: http://github.com/cortesi/mitmproxy

Requirements

  • A recent Python interpreter.
  • SSL certificates are generated using openssl
  • The curses interface relies on version 0.9.8 or newer of the urwid library.
  • The test suite uses the pry unit testing library.
  • mitmproxy is tested and developed on OSX, Linux and OpenBSD. You may be able to get it running using Cygwin on Windows, but don't count on it.

You should also make sure that your console environment is set up with the following:

  • EDITOR environment variable to determine the external editor.
  • PAGER environment variable to determine the external pager.
  • Appropriate entries in your mailcap files to determine external viewers for request and response contents.