An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Go to file
Aldo Cortesi 96e714a74c Handle nonexistent load files gracefully.
Also improve IOError statusbar messages.
2011-01-27 15:20:07 +13:00
doc-src Documentation updates. 2011-01-25 10:59:50 +13:00
examples Initial checkin. 2010-02-16 17:09:07 +13:00
libmproxy Handle nonexistent load files gracefully. 2011-01-27 15:20:07 +13:00
test Add tab completion for save and load path specs. 2011-01-27 10:29:37 +13:00
.gitignore Initial checkin. 2010-02-16 17:09:07 +13:00
CHANGELOG Release mitmproxy 0.2 2010-03-01 17:25:27 +13:00
LICENSE Initial checkin. 2010-02-16 17:09:07 +13:00
MANIFEST.in Initial checkin. 2010-02-16 17:09:07 +13:00
README Documentation updates. 2011-01-25 10:59:50 +13:00
mitmdump Abstract flow management out of the interactive code. 2011-01-25 15:02:48 +13:00
mitmproxy Handle nonexistent load files gracefully. 2011-01-27 15:20:07 +13:00
setup.py Abstract flow management out of the interactive code. 2011-01-25 15:02:48 +13:00
todo Housekeeping: todo updates, move put handler_ methods together in console.py. 2010-03-01 15:08:39 +13:00

README

__mitmproxy__ is an interactive SSL-capable intercepting HTTP proxy. It lets
you to observe, modify and replay requests and responses on the fly. The
underlying library that mitmproxy is built on can also be used to do these
things programmatically. 

By default, mitmproxy starts up with a mutt-like interactive curses interface -
the built-in help page (which you can view by pressing "?") will tell you
everything you need to know. Note that requests and responses are stored
in-memory until you delete them, so leaving mitmproxy running indefinitely or
requesting very large amounts of data through it is a bad idea.

SSL
---

The first time mitmproxy is started, it will generate a bogus SSL certificate
(the default location is ~/.mitmproxy/cert.pem). This certificate will be used
for the browser-side of intercepted traffic. Because it won't match any domain
you visit, and won't verify against any certificate authority, you will have to
add an exception for each site you visit. SSL requests are intercepted by
simply assuming that all CONNECT requests are https. The connection from the
browser is wrapped in SSL, and we read the request by pretending to be the
connecting server. We then open an SSL request to the destination server, and
replay the request.


Documentation
-------------

A rendered version of the docs for the latest release can be found here:

http://corte.si/projects


Download
--------

Releases can be found here: http://corte.si/projects

Source is hosted here: http://github.com/cortesi/mitmproxy


Requirements
------------

* A recent [Python](http://www.python.org) interpreter.
* SSL certificates are generated using [openssl](http://www.openssl.org/)
* The curses interface relies on version 0.9.8 or newer of the
  [urwid](http://excess.org/urwid/) library.
* The test suite uses the [pry](http://github.com/cortesi/pry) unit testing
  library.

You should also make sure that your console environment is set up with the
following: 
    
* EDITOR environment variable to determine the external editor.
* PAGER environment variable to determine the external pager.
* Appropriate entries in your mailcap files to determine external
  viewers for request and response contents.