mitmproxy Package Description
mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly. Also shipped is mitmdump, the command-line version of mitmproxy, with the same functionality but without the frills. Think tcpdump for HTTP.
Features:
- intercept and modify HTTP traffic on the fly
- save HTTP conversations for later replay and analysis
- replay both HTTP clients and servers
- make scripted changes to HTTP traffic using Python
- SSL interception certs generated on the fly
Source: http://mitmproxy.org/
mitmproxy Homepage | Kali mitmproxy Repo
- Author: Aldo Cortesi
- License: GPLv3
Tools included in the mitmproxy package
mitmproxy – SSL-capable man-in-the-middle HTTP proxy
[email protected]:~# mitmproxy -h
usage: mitmproxy [options]
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
-b ADDR Address to bind proxy to (defaults to all interfaces)
--anticache Strip out request headers that might cause the server
to return 304-not-modified.
--confdir CONFDIR Configuration directory. (~/.mitmproxy)
-e Show event log.
-n Don't start a proxy server.
-p PORT Proxy service port.
-P REVERSE_PROXY Reverse proxy to upstream server:
http[s]://host[:port]
-F FORWARD_PROXY Proxy to unconditionally forward to:
http[s]://host[:port]
-q Quiet.
-r RFILE Read flows from file.
-s "script.py --bar" Run a script. Surround with quotes to pass script
arguments. Can be passed multiple times.
-t FILTER Set sticky cookie filter. Matched against requests.
-T Set transparent proxy mode.
-u FILTER Set sticky auth filter. Matched against requests.
-v Increase verbosity. Can be passed multiple times.
-w WFILE Write flows to file.
-z Try to convince servers to send us un-compressed data.
-Z SIZE Byte size limit of HTTP request and response bodies.
Understands k/m/g suffixes, i.e. 3m for 3 megabytes.
--host Use the Host header to construct URLs for display.
--no-upstream-cert Don't connect to upstream server to look up
certificate details.
--debug
--palette PALETTE Select color palette: dark, light, solarized_dark,
solarized_light
Web App:
-a Disable the mitmproxy web app.
--app-host host Domain to serve the app from. For transparent mode,
use an IP when a DNS entry for the app domain is not
present. Default: mitm.it
--app-port 80 Port to serve the app from.
--app-external Serve the app outside of the proxy.
Client Replay:
-c PATH Replay client requests from a saved file.
Server Replay:
-S PATH Replay server responses from a saved file.
-k Kill extra requests during replay.
--rheader RHEADERS Request headers to be considered during replay. Can be
passed multiple times.
--norefresh Disable response refresh, which updates times in
cookies and headers for replayed responses.
--no-pop Disable response pop from response flow. This makes it
possible to replay same response multiple times.
Replacements:
Replacements are of the form "/pattern/regex/replacement", where the
separator can be any character. Please see the documentation for more
information.
--replace PATTERN Replacement pattern.
--replace-from-file PATH
Replacement pattern, where the replacement clause is a
path to a file.
Set Headers:
Header specifications are of the form "/pattern/header/value", where the
separator can be any character. Please see the documentation for more
information.
--setheader PATTERN Header set pattern.
Proxy Authentication:
Specify which users are allowed to access the proxy and the method used
for authenticating them. These options are ignored if the proxy is in
transparent or reverse proxy mode.
--nonanonymous Allow access to any user long as a credentials are
specified.
--singleuser USER Allows access to a a single user, specified in the
form username:password.
--htpasswd PATH Allow access to users specified in an Apache htpasswd
file.
SSL:
--cert CERT User-created SSL certificate file.
--client-certs CLIENTCERTS
Client certificate directory.
Filters:
See help in mitmproxy for filter expression syntax.
-i INTERCEPT, --intercept INTERCEPT
Intercept filter expression.
mitmdump (the command-line companion to mitmproxy) – A souped-up tcpdump for HTTP
[email protected]:~# mitmdump -h
usage: mitmdump [options] [filter]
positional arguments:
args
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
-b ADDR Address to bind proxy to (defaults to all interfaces)
--anticache Strip out request headers that might cause the server
to return 304-not-modified.
--confdir CONFDIR Configuration directory. (~/.mitmproxy)
-e Show event log.
-n Don't start a proxy server.
-p PORT Proxy service port.
-P REVERSE_PROXY Reverse proxy to upstream server:
http[s]://host[:port]
-F FORWARD_PROXY Proxy to unconditionally forward to:
http[s]://host[:port]
-q Quiet.
-r RFILE Read flows from file.
-s "script.py --bar" Run a script. Surround with quotes to pass script
arguments. Can be passed multiple times.
-t FILTER Set sticky cookie filter. Matched against requests.
-T Set transparent proxy mode.
-u FILTER Set sticky auth filter. Matched against requests.
-v Increase verbosity. Can be passed multiple times.
-w WFILE Write flows to file.
-z Try to convince servers to send us un-compressed data.
-Z SIZE Byte size limit of HTTP request and response bodies.
Understands k/m/g suffixes, i.e. 3m for 3 megabytes.
--host Use the Host header to construct URLs for display.
--no-upstream-cert Don't connect to upstream server to look up
certificate details.
--keepserving Continue serving after client playback or file read.
We exit by default.
Web App:
-a Disable the mitmproxy web app.
--app-host host Domain to serve the app from. For transparent mode,
use an IP when a DNS entry for the app domain is not
present. Default: mitm.it
--app-port 80 Port to serve the app from.
--app-external Serve the app outside of the proxy.
Client Replay:
-c PATH Replay client requests from a saved file.
Server Replay:
-S PATH Replay server responses from a saved file.
-k Kill extra requests during replay.
--rheader RHEADERS Request headers to be considered during replay. Can be
passed multiple times.
--norefresh Disable response refresh, which updates times in
cookies and headers for replayed responses.
--no-pop Disable response pop from response flow. This makes it
possible to replay same response multiple times.
Replacements:
Replacements are of the form "/pattern/regex/replacement", where the
separator can be any character. Please see the documentation for more
information.
--replace PATTERN Replacement pattern.
--replace-from-file PATH
Replacement pattern, where the replacement clause is a
path to a file.
Set Headers:
Header specifications are of the form "/pattern/header/value", where the
separator can be any character. Please see the documentation for more
information.
--setheader PATTERN Header set pattern.
Proxy Authentication:
Specify which users are allowed to access the proxy and the method used
for authenticating them. These options are ignored if the proxy is in
transparent or reverse proxy mode.
--nonanonymous Allow access to any user long as a credentials are
specified.
--singleuser USER Allows access to a a single user, specified in the
form username:password.
--htpasswd PATH Allow access to users specified in an Apache htpasswd
file.
SSL:
--cert CERT User-created SSL certificate file.
--client-certs CLIENTCERTS
Client certificate directory.
mitmproxy Usage Example
Run mitmproxy listening (p) on port2139.
[email protected]:~# mitmproxy -p 2139