Introduction
Mitmproxy is an interactive man-in-the-middle proxy for HTTP and HTTPS with a console interface.
Features
- Intercept HTTP & HTTPS requests and responses and modify them on the fly
- Save complete HTTP conversations for later replay and analysis
- Replay the client side of HTTP conversations
- Replay HTTP responses of a previously recorded server
- Reverse proxy mode to forward traffic to a specified server
- Transparent proxy mode on OSX and Linux
- Make scripted changes to HTTP traffic using Python
- SSL/TLS certificates for interception are generated on the fly
- And much, much more…
The three main mitmproxy tools and commands are:
mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.
mitmweb is a web-based interface for mitmproxy.
mitmproxy command line is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing.
It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols.
You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on-the-fly, modify them before they reach their destination, and replay them to a client or server later on.
MitmProxy WorkShop
We need a Python version newer than 3.4, which is required by mitmproxy, so we will install the EPEL and SCL repositories as follows:
yum install epel-release
yum install centos-release-scl
For more information about centos-release-scl,
see The Software Collections (SCL) Repository
Install Python 3.6 version
yum install rh-python36-python rh-python36-python-devel rh-python36-PyYAML
Now we need to add Python 3.6 to the PATH environment variable safely and permanently
echo 'pathmunge /opt/rh/rh-python36/root/usr/bin' > /etc/profile.d/python36.sh
Update pip3.6 and install the pyasn package
pip3.6 install --upgrade pip
pip3.6 install pyasn
Install mitmproxy
pip3.6 install mitmproxy
Extracting mitmproxy options for our profile
mitmproxy -p 8888 --options > ~/.mitmproxy/config.yaml
Now the man-in-the-middle proxy is ready to use,
and we can override the default options using the ~/.mitmproxy/config.yaml
configuration file.
for more about available options and information.
Run mitmproxy
mitmproxy -p port_number
To run it listening on a public IP address,
you can modify the config file ~/.mitmproxy/config.yaml
by setting the remote access option to "true":
# Allow remote clients to connect to proxy. If set to false, client will
# not be able to connect to proxy unless it is on the same network or
# the proxyauth option is set Type bool.
#allow_remote: false
allow_remote: true
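The allow_remote setting above opens the proxy to remote clients, and the option's own comment names proxyauth as the companion control. The following script is an added example, not part of the original post or of mitmproxy itself: it checks a config.yaml for allow_remote enabled without proxyauth. It assumes a minimal reader of top-level `key: value` lines rather than a full YAML parser, and the sample configs and the htpasswd path are constructed.

```python
"""Added example: flag a mitmproxy config.yaml that allows remote clients
without proxy authentication. Checks only allow_remote and proxyauth."""
import os
import sys

TRUE_WORDS = {"true", "yes", "on"}   # accepted spellings of a YAML boolean true
EMPTY_WORDS = {"", "null", "~"}      # spellings of an unset YAML value

# Constructed sample configs, not taken from a real host.
SAMPLE_OPEN = "#allow_remote: false\nallow_remote: true\n#proxyauth:\n"
SAMPLE_AUTH = "allow_remote: true\nproxyauth: '@/etc/mitmproxy/htpasswd'\n"


def parse_top_level(text):
    """Return top-level scalar options; comment and nested lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        if not raw.strip() or raw[0] in "# \t-":
            continue
        key, sep, value = raw.partition(":")
        if sep:
            # Drop a trailing " # comment", then surrounding quotes.
            opts[key.strip()] = value.split(" #", 1)[0].strip().strip("'\"")
    return opts


def audit(text):
    """Return a list of findings (empty when the exposure is not present)."""
    opts = parse_top_level(text)
    remote = opts.get("allow_remote", "false").lower() in TRUE_WORDS
    has_auth = opts.get("proxyauth", "").lower() not in EMPTY_WORDS
    findings = []
    if remote and not has_auth:
        findings.append("allow_remote is true but proxyauth is not set: "
                        "any host that can reach the port can use the proxy")
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "~/.mitmproxy/config.yaml"
    with open(os.path.expanduser(path)) as fh:
        problems = audit(fh.read())
    for line in problems:
        print("WARN:", line)
    sys.exit(1 if problems else 0)
```

Run with no argument, it reads ~/.mitmproxy/config.yaml and exits non-zero when the exposure is found, so it can gate a provisioning step.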
Installing complete.
Next steps: injecting code, debugging, redirection and more.
Useful links
- https://github.com/ondrakrat/js-mitm-proxy
- https://mitmproxy.org/
- https://security.stackexchange.com/questions/72652/javascript-injection-using-man-in-the-middle-attack
- http://pankajmalhotra.com/Injecting-Javascript-In-HTML-Content-Using-MITM-Proxy
- https://blog.heckel.xyz/2013/07/01/how-to-use-mitmproxy-to-read-and-modify-https-traffic-of-your-phone/
- https://blog.miguelgrinberg.com/post/easy-websockets-with-flask-and-gevent