/mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Primary LanguagePythonMIT LicenseMIT

mitmproxy

Continuous Integration Status Coverage Status Latest Version Supported Python versions

This repository contains the mitmproxy and pathod projects.

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.

mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.

mitmweb is a web-based interface for mitmproxy.

pathoc and pathod are perverse HTTP client and server applications designed to let you craft almost any conceivable HTTP request, including ones that creatively violate the standards.

Documentation & Help

General information, tutorials, and precompiled binaries can be found on the mitmproxy website.

mitmproxy.org

The documentation for mitmproxy is available on our website:

mitmproxy documentation stable mitmproxy documentation master

If you have questions on how to use mitmproxy, please ask them on StackOverflow!

StackOverflow: mitmproxy

Join our developer chat on Slack if you would like to contribute to mitmproxy itself.

Slack Developer Chat

Installation

The installation instructions are here. If you want to contribute changes, keep on reading.

Contributing

As an open source project, mitmproxy welcomes contributions of all forms. If you would like to bring the project forward, please consider contributing in the following areas:

  • Maintenance: We are incredibly thankful for individuals who are stepping up and helping with maintenance. This includes (but is not limited to) triaging issues, reviewing pull requests and picking up stale ones, helping out other users on StackOverflow, creating minimal, complete and verifiable examples or test cases for existing bug reports, updating documentation, or fixing minor bugs that have recently been reported.
  • Code Contributions: We actively mark issues that we consider are good first contributions. If you intend to work on a larger contribution to the project, please come talk to us first.

Development Setup

To get started hacking on mitmproxy, please install a recent version of Python (we require at least 3.6). The following commands should work on your system:

python3 --version
python3 -m pip --help
python3 -m venv --help

If all of this run successfully, do the following:

git clone https://github.com/mitmproxy/mitmproxy.git
cd mitmproxy
./dev.sh  # "powershell .\dev.ps1" on Windows

The dev script will create a virtualenv environment in a directory called "venv" and install all mandatory and optional dependencies into it. The primary mitmproxy components - mitmproxy and pathod - are installed as "editable", so any changes to the source in the repository will be reflected live in the virtualenv.

The main executables for the project - mitmdump, mitmproxy, mitmweb, pathod, and pathoc - are all created within the virtualenv. After activating the virtualenv, they will be on your $PATH, and you can run them like any other command:

. venv/bin/activate  # "venv\Scripts\activate" on Windows
mitmdump --version

Testing

If you've followed the procedure above, you already have all the development requirements installed, and you can run the full test suite with tox:

tox -e py    # runs Python tests
tox -e lint  # checks code style

For speedier testing, we recommend you run pytest directly on individual test files or folders:

cd test/mitmproxy/addons
pytest --cov mitmproxy.addons.anticache --cov-report term-missing --looponfail test_anticache.py

Pytest does not check the code style, so you want to run tox -e lint again before committing.

Please ensure that all patches are accompanied by matching changes in the test suite. The project tries to maintain 100% test coverage and enforces this strictly for some parts of the codebase.

Documentation

The following tools are required to build the mitmproxy docs:

cd docs
modd

Code Style

Keeping to a consistent code style throughout the project makes it easier to contribute and collaborate. Please stick to the guidelines in PEP8 and the Google Style Guide unless there's a very good reason not to.

This is automatically enforced on every PR. If we detect a linting error, the PR checks will fail and block merging. You can run our lint checks yourself with the following command:

tox -e lint