diff --git a/.appveyor.yml b/.appveyor.yml
index d7a877535..8116647c0 100644
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -1,9 +1,13 @@
 version: '{build}'
 build: off  # Not a C# project
+
 environment:
   matrix:
     - PYTHON: "C:\\Python27"
-  PATH: "%APPDATA%\\Python\\Scripts;C:\\Python27;C:\\Python27\\Scripts;%PATH%"
+      TOXENV: "py27-ci"
+    - PYTHON: "C:\\Python35"
+      TOXENV: "py35-ci-win"
+
   SNAPSHOT_HOST:
     secure: NeTo57s2rJhCd/mjKHetXVxCFd3uhr8txnjnAXD1tUI=
   SNAPSHOT_PORT:
@@ -12,22 +16,29 @@ environment:
     secure: 6yBwmO5gv4vAwoFYII8qjQ==
   SNAPSHOT_PASS:
     secure: LPjrtFrWxYhOVGXzfPRV1GjtZE/wHoKq9m/PI6hSalfysUK5p2DxTG9uHlb4Q9qV
+
 install:
-  - "pip install --user -U virtualenv codecov"
-  - "dev.bat"
-  - "python -c \"from OpenSSL import SSL; print(SSL.SSLeay_version(SSL.SSLEAY_VERSION))\""
+  - "SET PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH%"
+  - "python -m pip install --disable-pip-version-check -U pip"
+  - "pip install -U tox"
+
+before_test:
+  - "tox -e lint"
+
 test_script:
-  - "py.test --timeout 60 --cov netlib --cov mitmproxy --cov pathod"
-after_test:
-  - "codecov"
-cache:
-  - C:\Users\appveyor\AppData\Local\pip\cache
+  - "tox"
+
 deploy_script:
   ps: |
     if(($Env:APPVEYOR_REPO_BRANCH -match "master") -or ($Env:APPVEYOR_REPO_TAG -match "true")) {
-    python .\release\rtool.py bdist
-    python .\release\rtool.py upload-snapshot --bdist
+      python .\release\rtool.py bdist
+      python .\release\rtool.py upload-snapshot --bdist
     }
+
+cache:
+  - C:\Users\appveyor\AppData\Local\pip\cache
+  - C:\projects\mitmproxy\.tox
+
 notifications:
-- provider: Slack
-  incoming_webhook: https://hooks.slack.com/services/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
+  - provider: Slack
+    incoming_webhook: https://hooks.slack.com/services/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
diff --git a/README.rst b/README.rst
index a6e7f56c6..0a890582e 100644
--- a/README.rst
+++ b/README.rst
@@ -1,7 +1,7 @@
 mitmproxy
 ^^^^^^^^^
 
-|travis| |coverage| |latest_release| |python_versions|
+|travis| |appveyor| |coverage| |latest_release| |python_versions|
 
 This repository contains the **mitmproxy** and **pathod** projects, as well as
 their shared networking library, **netlib**.
@@ -172,9 +172,13 @@ PR checks will fail and block merging. We are using this command to check for st
     :target: http://slack.mitmproxy.org/
     :alt: Slack Developer Chat
 
-.. |travis| image:: https://shields.mitmproxy.org/travis/mitmproxy/mitmproxy/master.svg
+.. |travis| image:: https://shields.mitmproxy.org/travis/mitmproxy/mitmproxy/master.svg?label=Travis%20build
     :target: https://travis-ci.org/mitmproxy/mitmproxy
-    :alt: Build Status
+    :alt: Travis Build Status
+
+.. |appveyor| image:: https://shields.mitmproxy.org/appveyor/ci/mhils/mitmproxy/master.svg?label=Appveyor%20build
+    :target: https://ci.appveyor.com/project/mhils/mitmproxy
+    :alt: Appveyor Build Status
 
 .. |coverage| image:: https://codecov.io/gh/mitmproxy/mitmproxy/branch/master/graph/badge.svg
     :target: https://codecov.io/gh/mitmproxy/mitmproxy
diff --git a/dev.bat b/dev.bat
index d979c73b0..fe0824e01 100644
--- a/dev.bat
+++ b/dev.bat
@@ -5,6 +5,8 @@ virtualenv %VENV% --always-copy
 if %errorlevel% neq 0 exit /b %errorlevel%
 call %VENV%\Scripts\activate.bat
 if %errorlevel% neq 0 exit /b %errorlevel%
+python -m pip install --disable-pip-version-check -U pip
+if %errorlevel% neq 0 exit /b %errorlevel%
 pip install -r requirements.txt
 if %errorlevel% neq 0 exit /b %errorlevel%
 
diff --git a/setup.cfg b/setup.cfg
index eeaac0c8b..7cbbf81bd 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -7,7 +7,7 @@ builtins = file,open,basestring,xrange,unicode,long,cmp
 
 [pytest]
 testpaths = test
-addopts = --capture=no
+addopts = --capture=no --color=yes
 
 [coverage:run]
 branch = True
diff --git a/tox.ini b/tox.ini
index db46a8aaa..bf1429098 100644
--- a/tox.ini
+++ b/tox.ini
@@ -5,30 +5,39 @@ envlist = py27, py35, docs, lint
 deps =
   -rrequirements.txt
   codecov>=2.0.5
-passenv = CI TRAVIS_BUILD_ID TRAVIS TRAVIS_BRANCH TRAVIS_JOB_NUMBER TRAVIS_PULL_REQUEST TRAVIS_JOB_ID TRAVIS_REPO_SLUG TRAVIS_COMMIT
+passenv = USERNAME HOME HOMEPATH LOCALAPPDATA CI TRAVIS TRAVIS_BUILD_ID TRAVIS_JOB_ID TRAVIS_BRANCH TRAVIS_JOB_NUMBER TRAVIS_PULL_REQUEST TRAVIS_REPO_SLUG TRAVIS_COMMIT
 setenv =
-    PY3TESTS =  test/netlib test/pathod/ test/mitmproxy/script test/mitmproxy/test_contentview.py test/mitmproxy/test_custom_contentview.py test/mitmproxy/test_app.py test/mitmproxy/test_controller.py test/mitmproxy/test_fuzzing.py test/mitmproxy/test_script.py test/mitmproxy/test_web_app.py test/mitmproxy/test_utils.py test/mitmproxy/test_stateobject.py test/mitmproxy/test_cmdline.py test/mitmproxy/test_contrib_tnetstring.py test/mitmproxy/test_proxy.py test/mitmproxy/test_protocol_http1.py test/mitmproxy/test_platform_pf.py
+  PY3TESTS = test/netlib test/pathod/ test/mitmproxy/script test/mitmproxy/test_contentview.py test/mitmproxy/test_custom_contentview.py test/mitmproxy/test_app.py test/mitmproxy/test_controller.py test/mitmproxy/test_fuzzing.py test/mitmproxy/test_script.py test/mitmproxy/test_web_app.py test/mitmproxy/test_utils.py test/mitmproxy/test_stateobject.py test/mitmproxy/test_cmdline.py test/mitmproxy/test_contrib_tnetstring.py test/mitmproxy/test_proxy.py test/mitmproxy/test_protocol_http1.py test/mitmproxy/test_platform_pf.py
 
 [testenv:py27]
 commands =
-  py.test -n 8 --color=yes --timeout 60 []
+  py.test -n 8 --timeout 60 []
 
 [testenv:py35]
 # remove bash & pipe & grep hack after cryptography ships with openssl 1.1.0
 whitelist_externals = bash
 commands =
-  bash -c 'set -o pipefail ; py.test -n 8 --color=yes --timeout 60 {env:PY3TESTS:} 2>&1 | grep -v Cryptography_locking_cb'
+  bash -c 'set -o pipefail ; py.test -n 8 --timeout 60 {env:PY3TESTS:} 2>&1 | grep -v Cryptography_locking_cb'
 
 [testenv:py27-ci]
 commands =
-  py.test --cov netlib --cov mitmproxy --cov pathod --color=yes --timeout 60 ./test
+  py.test --cov netlib --cov mitmproxy --cov pathod --timeout 60
   codecov -e TOXENV
 
 [testenv:py35-ci]
 # remove bash & pipe & grep hack after cryptography ships with openssl 1.1.0
 whitelist_externals = bash
 commands =
-  bash -c 'set -o pipefail ; py.test --cov netlib --cov mitmproxy --cov pathod --color=yes --timeout 60 {env:PY3TESTS:} 2>&1 | grep -v Cryptography_locking_cb'
+  bash -c 'set -o pipefail ; py.test --cov netlib --cov mitmproxy --cov pathod --timeout 60 {env:PY3TESTS:} 2>&1 | grep -v Cryptography_locking_cb'
+  codecov -e TOXENV
+
+[testenv:py35-ci-win]
+deps =
+  https://snapshots.mitmproxy.org/misc/lxml-3.6.0-cp35-cp35m-win32.whl
+  codecov>=2.0.5
+  .[dev]
+commands =
+  py.test --cov netlib --cov mitmproxy --cov pathod --timeout 60 {env:PY3TESTS:}
   codecov -e TOXENV
 
 [testenv:docs]
@@ -39,5 +48,6 @@ setenv = SPHINXOPTS="-W"
 commands = make -e html
 
 [testenv:lint]
-deps = flake8>=2.5.4, <3
+basepython = python2.7
+deps = flake8>=2.6.2, <3
 commands = flake8 --jobs 8 --count mitmproxy netlib pathod examples test