Skip to content

pureproxy/mitmproxy

Repository files navigation

Follow on Twitter NPM

MitmProxy

MitmProxy is a simple but very flexible, streaming proxy server. The main purpose of this server is to be used as a base building block for creating intercepting proxy servers and applications.

How To Install

You need to install this library as a dependency like this:

$ npm install @pureproxy/mitmproxy

How To Use

The following code starts the proxy server as is:

const MitmProxy = require('@pureproxy/mitmproxy')

const server = new MitmProxy()

server.listen(8080)

Create your own certificate manager like this:

const MitmProxy = require('@pureproxy/mitmproxy')
const { CertManager } = require('@pureproxy/mitmproxy/lib/cert-manager')

const server = new MitmProxy({ certManager: new CertManager() })

server.listen(8080)

You can also persist the certificates to disk like this:

const MitmProxy = require('@pureproxy/mitmproxy')
const { CertManagerFs } = require('@pureproxy/mitmproxy/lib/cert-manager-fs')

const server = new MitmProxy({ certManager: new CertManagerFs('./cert-folder') })

server.listen(8080)

Add additional features by extending the ProxyServer class:

const stream = require('stream')
const MitmProxy = require('@pureproxy/mitmproxy')

const server = new class extends MitmProxy {
  wrapClientForObservableStreaming(client, { hostname, port, context }) {
    // return a duplex stream (like sockets) to monitor all data in transit

    return new class extends stream.Duplex {
      constructor() {
        super()

        client.on('data', (data) => {
          // log incoming data

          console.log('<<<', data)

          this.push(data)
        })
      }

      _write(data, encoding, callback) {
        // log outgoing data

        console.log('>>>', data)

        client.write(data)

        callback()
      }

      _read() {}
    }
  }

  shouldIntercept(hostname, port, context) {
    return true
  }
}

server.listen(8080)

FAQ

The general FAQ can be found in the mitmproxy project page.

Q: Can I intercept TLS/SSL? - You can intercept any traffic by performing an active man-in-the-middle attack against the connected clients. This is done by default with MITM Proxy if shouldIntercept returns true.

Q: How can I intercept the whole HTTP request/response? - This can be implemented in a similar way as pureproxy parses HTTP requests. This library does not come with builtin mechanisms for this.

Q: Who is using this library? - The code is used in secapps.com tools and services. It is also used by Pown Proxy tool.

Q: Can you make the API programmer-friendly? - I did. Checkout out utils for example how to implement full-features proxy servers with minimal requirements and development overhead.