An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Go to file
Aldo Cortesi d5e3722c97 Fix an issue caused by some editors when editing a request/response body.
Many editors make it hard save a file without a terminating newline on the last
line. When editing message bodies, this can cause problems. For now, I just
strip the newlines off the end of the body when we return from an editor.
2012-01-21 12:43:00 +13:00
doc-src Help docs have ~r as an example but ~r isn't valid. I think it's supposed to be ~q. 2011-12-28 16:47:30 -05:00
examples README and minor felicities for script examples. 2011-08-27 09:24:04 +12:00
libmproxy Fix an issue caused by some editors when editing a request/response body. 2012-01-21 12:43:00 +13:00
scripts Add a script to generate a contributors list, and use it to make a CONTRIBUTORS file. 2011-03-19 20:34:53 +13:00
test Fix an issue caused by some editors when editing a request/response body. 2012-01-21 12:43:00 +13:00
.gitignore Simple record & playback functionality 2011-02-10 02:59:51 +01:00
CHANGELOG 0.6 changelog 2011-08-07 09:41:39 +12:00
CONTRIBUTORS Prep for 0.6 release. 2011-08-06 21:19:22 +12:00
LICENSE Add an "SSL exception" to the license. 2011-06-02 10:43:11 +12:00
MANIFEST.in Spell-check docs, setup.py fixes, add missing files to manifest. 2011-03-30 12:05:50 +13:00
README.mkd We now have a mailing list and an IRC channel 2011-08-07 09:52:13 +12:00
mitmdump Add HTTP body size limit specification to command-line tools. 2011-09-09 15:27:31 +12:00
mitmproxy Change size limit cmdline flag to -Z, enable size limits for replay. 2011-09-09 17:31:36 +12:00
setup.py Update trove classiviers in setup.py 2011-08-07 11:18:26 +12:00
todo Doc and help adjustments. 2011-08-03 19:15:01 +12:00

README.mkd

mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

mitmdump is the command-line version of mitmproxy, with the same functionality but without the frills. Think tcpdump for HTTP.

Both tools are fully documentented in the commandline --help flag, and, in the case of mitmproxy, a built-in help page accessible through the ? keyboard shortcut.

Capabilities

  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversations.
  • Replay HTTP responses of a previously recorded server.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.

Download

Releases and rendered documentation can be found on the mitmproxy website:

mitmproxy.org

Source is hosted on github:

github.com/cortesi/mitmproxy

Community

Come join us in the #mitmproxy channel on the OFTC IRC network (irc://irc.oftc.net:6667).

We also have a mailing list, hosted here:

http://groups.google.com/group/mitmproxy

Requirements

  • Python 2.6.x or 2.7.x.
  • openssl - installed by default on most systems.
  • urwid version 0.9.8 or newer.
  • The test suite uses the pry unit testing library.
  • Rendering the documentation requires countershape.

mitmproxy is tested and developed on OSX, Linux and OpenBSD.

You should also make sure that your console environment is set up with the following:

  • EDITOR environment variable to determine the external editor.
  • PAGER environment variable to determine the external pager.
  • Appropriate entries in your mailcap files to determine external viewers for request and response contents.