
mitmproxy

mitmproxy is an interactive man-in-the-middle proxy for HTTP and HTTPS traffic. It allows inspection and editing of traffic flows on the fly via a console interface.

Description

mitmproxy serves as an SSL-capable man-in-the-middle HTTP proxy, enabling users to intercept, inspect, and modify HTTP and HTTPS requests and responses in real-time. It provides a console interface for interactive traffic manipulation, making it ideal for debugging, testing, and security analysis of web applications and network communications.

Key use cases include saving HTTP conversations for later replay and analysis, replaying client-side or server-side interactions, and operating in reverse proxy or transparent proxy modes on Linux and OSX. The tool also supports scripted modifications to HTTP traffic using Python, enhancing automation for complex testing scenarios.

Additionally, mitmdump offers a command-line alternative to mitmproxy with identical core functionality but without the interactive console interface, similar to tcpdump for HTTP traffic. mitmweb provides a web-based UI for easier interaction.

How It Works

mitmproxy operates as a man-in-the-middle proxy that intercepts HTTP and HTTPS traffic by binding to a specified host and port; the regular HTTP proxy defaults to port 8080. It generates SSL/TLS certificates on the fly for secure interception, allowing transparent proxying on supported platforms. Traffic flows can be filtered, viewed, and modified using patterns for bodies, headers, remote mappings, or local files, and replayed from saved flows. Python scripting enables custom modifications; mitmdump provides non-interactive dumping and mitmweb a web interface.
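The Python scripting mentioned above, shown as an added example (not code from the mitmproxy project or the original page): a passive addon that flags HTTPS responses without Strict-Transport-Security and cookies set without Secure or HttpOnly. The file name audit_headers.py, the names HeaderAudit, audit, cookie_issues, FakeHeaders and sample_flow, and the host app.example are hypothetical; logging through the standard logging module assumes mitmproxy 9 or later.

```python
"""Passive response audit. Load with: mitmdump -s audit_headers.py"""
import logging
from types import SimpleNamespace


def cookie_issues(set_cookie):
    """Return findings for one Set-Cookie value that lacks Secure or HttpOnly."""
    name = set_cookie.split("=", 1)[0].strip()
    attrs = {p.strip().split("=", 1)[0].lower() for p in set_cookie.split(";")[1:]}
    return [f"cookie {name!r} lacks {a}" for a in ("Secure", "HttpOnly")
            if a.lower() not in attrs]


def audit(flow):
    """Collect findings for one completed flow; the flow is never modified."""
    findings = []
    headers = flow.response.headers  # case-insensitive multidict in mitmproxy
    if flow.request.scheme == "https" and "strict-transport-security" not in headers:
        findings.append("no Strict-Transport-Security on HTTPS response")
    for value in headers.get_all("set-cookie"):  # one entry per Set-Cookie header
        findings.extend(cookie_issues(value))
    return findings


class HeaderAudit:
    def response(self, flow):
        """mitmproxy event hook: called once the full response has been read."""
        for finding in audit(flow):
            logging.warning("%s: %s", flow.request.pretty_url, finding)


addons = [HeaderAudit()]  # module-level list that mitmproxy loads addons from


class FakeHeaders(dict):
    """Constructed stand-in for mitmproxy's Headers: lower-case keys, list values."""
    def get_all(self, name):
        return self.get(name, [])


def sample_flow():
    """Constructed flow so the audit can be exercised offline, without mitmproxy."""
    return SimpleNamespace(
        request=SimpleNamespace(scheme="https", pretty_url="https://app.example/login"),
        response=SimpleNamespace(headers=FakeHeaders(
            {"set-cookie": ["sid=abc123; Path=/; HttpOnly", "theme=dark; Secure; HttpOnly"]})),
    )


if __name__ == "__main__":
    print(audit(sample_flow()))
```

Under mitmdump the findings appear as warning lines in the event log, one per issue, prefixed with the request URL.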

Installation

sudo apt install mitmproxy

Flags

-p PORT, --listen-port PORT: Port to bind proxy server(s) to (may be overridden for individual modes, see `mode`). By default, the port is mode-specific. The default regular HTTP proxy spawns on port 8080.
--listen-host HOST: Address to bind proxy server(s) to (may be overridden for individual modes, see `mode`).
-n, --no-server: Do not start a proxy server.
--certs SPEC: SSL certificates of the form "[domain=]path". The domain may include a wildcard, and is equal to "*" if not specified.
-C PATH, --client-replay PATH: Replay client requests from a saved file. May be passed multiple times.
-S PATH, --server-replay PATH: Replay server responses from a saved file. May be passed multiple times.
-M PATTERN, --map-remote PATTERN: Map remote resources to another remote URL using a pattern of the form "[/flow-filter]/url-regex/replacement".
-B PATTERN, --modify-body PATTERN: Replacement pattern of the form "[/flow-filter]/regex/[@]replacement" for modifying bodies.
--intercept FILTER: Intercept filter expression.
--view-filter FILTER: Limit the view to matching flows.

Examples

Run mitmproxy listening on port 2139.
mitmproxy -p 2139
Show help for mitmdump.
mitmdump -h
Show help for mitmproxy.
mitmproxy -h
Show help for mitmweb.
mitmweb -h
Run mitmdump with a filter expression, equivalent to setting both the view_filter and save_stream_filter options.
mitmdump [filter]
Run mitmproxy on default port 8080.
mitmproxy -p 8080
Replay client requests from a saved flow file.
mitmdump --client-replay file.flow
Run mitmproxy intercepting flows matching the filter for /api URLs.
mitmproxy --listen-port 8080 --intercept '~u /api'
Updated 2026-04-16. Source: kali.org