/mitmproxy

An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers

Primary LanguageJavaScriptMIT LicenseMIT

Build Status Coverage Status Latest Version Supported Python versions Supported Python implementations

mitmproxy is an interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface.

mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.

libmproxy is the library that mitmproxy and mitmdump are built on.

Documentation, tutorials and distribution packages can be found on the mitmproxy.org website:

mitmproxy.org.

You can find complete directions for installing mitmproxy here.

Features

  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversations.
  • Replay HTTP responses of a previously recorded server.
  • Reverse proxy mode to forward traffic to a specified server.
  • Transparent proxy mode on OSX and Linux.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.
  • And much, much more.

mitmproxy is tested and developed on OSX, Linux and OpenBSD. On Windows, only mitmdump is supported, which does not have a graphical user interface.

Hacking

Requirements

Optional packages for extended content decoding:

For convenience, all optional dependencies can be installed with

pip install "mitmproxy[contentviews]"

Setting up a dev environment

The following procedure is recommended to set up your dev environment:

$ git clone https://github.com/mitmproxy/mitmproxy.git
$ cd mitmproxy
$ pip install --src . -r requirements.txt

This installs the latest GitHub versions of mitmproxy, netlib and pathod into mitmproxy/. All other development dependencies save countershape are installed into their usual locations.

Testing

The test suite requires the dev extra requirements listed in setup.py. Install these with:

pip install "mitmproxy[dev]"

Please ensure that all patches are accompanied by matching changes in the test suite. The project maintains 100% test coverage.

Docs

Rendering the documentation requires countershape. After installation, you can render the documentation to the doc like this:

cshape doc-src doc