Skip to content

An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers

License

Notifications You must be signed in to change notification settings

aksvenk/mitmproxy

 
 

Repository files navigation

Build Status Coverage Status Downloads Latest Version Supported Python versions

mitmproxy is an interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface.

mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.

libmproxy is the library that mitmproxy and mitmdump are built on.

Documentation & Help

Documentation, tutorials and distribution packages can be found on the mitmproxy website.

mitmproxy.org

Installation Instructions are available in the docs.

Documentation

You can join our developer chat on Slack.

Slack Developer Chat

Features

  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversations.
  • Replay HTTP responses of a previously recorded server.
  • Reverse proxy mode to forward traffic to a specified server.
  • Transparent proxy mode on OSX and Linux.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.
  • And much, much more.

mitmproxy is tested and developed on OSX, Linux and OpenBSD. On Windows, only mitmdump is supported, which does not have a graphical user interface.

Hacking

To get started hacking on mitmproxy, make sure you have Python 2.7.x. with virtualenv installed (you can find installation instructions for virtualenv here). Then do the following:

git clone https://github.com/mitmproxy/mitmproxy.git
git clone https://github.com/mitmproxy/netlib.git
git clone https://github.com/mitmproxy/pathod.git
cd mitmproxy
./dev

The dev script will create a virtualenv environment in a directory called "venv.mitmproxy", and install all of mitmproxy's development requirements, plus all optional modules. The primary mitmproxy components - mitmproxy, netlib and pathod - are all installed "editable", so any changes to the source in the git checkouts will be reflected live in the virtualenv.

To confirm that you're up and running, activate the virtualenv, and run the mitmproxy test suite:

. ../venv.mitmproxy/bin/activate # ..\venv.mitmproxy\Scripts\activate.bat on Windows
nosetests ./test

Note that the main executables for the project - mitmdump, mitmproxy and mitmweb - are all created within the virtualenv. After activating the virtualenv, they will be on your $PATH, and you can run them like any other command:

mitmdump --version

For convenience, the project includes an autoenv file (.env) that auto-activates the virtualenv when you cd into the mitmproxy directory.

Testing

If you've followed the procedure above, you already have all the development requirements installed, and you can simply run the test suite:

nosetests --with-cov --cov-report term-missing

Please ensure that all patches are accompanied by matching changes in the test suite. The project maintains 100% test coverage.

Docs

The mitmproxy documentation is build using Sphinx, which is installed automatically if you set up a development environment as described above. After installation, you can render the documentation like this:

cd docs
make clean
make html
make livehtml

The last command invokes sphinx-autobuild, which watches the Sphinx directory and rebuilds the documentation when a change is detected.

About

An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • JavaScript 67.1%
  • Python 25.4%
  • CSS 7.3%
  • Other 0.2%