An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
Pull request Compare This branch is 4776 commits behind mitmproxy:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
doc-src
examples
libmproxy
scripts
test
.gitignore
CHANGELOG
CONTRIBUTORS
LICENSE
MANIFEST.in
README.mkd
README.txt
mitmdump
mitmproxy
setup.py
todo

README.mkd

mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

mitmdump is the command-line version of mitmproxy, with the same functionality but without the user interface. Think tcpdump for HTTP.

Complete documentation and a set of practical tutorials is included in the distribution package, and is also available at mitmproxy.org.

Features

  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversations.
  • Replay HTTP responses of a previously recorded server.
  • Reverse proxy mode to forward traffic to a specified server.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.

Download

Releases and rendered documentation can be found on the mitmproxy website:

mitmproxy.org

Source is hosted on github:

github.com/cortesi/mitmproxy

Community

Come join us in the #mitmproxy channel on the OFTC IRC network (irc://irc.oftc.net:6667).

We also have a mailing list, hosted here:

http://groups.google.com/group/mitmproxy

Requirements

mitmproxy is tested and developed on OSX, Linux and OpenBSD.

You should also make sure that your console environment is set up with the following:

  • EDITOR environment variable to determine the external editor.
  • PAGER environment variable to determine the external pager.
  • Appropriate entries in your mailcap files to determine external viewers for request and response contents.