On-the-fly decryption proxy for MikroTik RouterOS WebFig sessions



WebFig is a web management interface that comes with MikroTik's RouterOS. By default it encrypts HTTP traffic (even without SSL/TLS) by implementing an authentication and encryption scheme similar to PPTP (MS-CHAP-V2 for authentication, MPPE key derivation and RC4 for encryption). WebFixy is a web proxy that decrypts WebFig sessions on-the-fly in order to observe the communication between a browser and a RouterOS host. It also supports encryption of payloads, which allows to tamper with traffic. However, currently there are various limitations for tampering.

Check out this blog post for some more information.


The proxy functionality is implemented with aiohttp which is based on asyncio. Therefore WebFixy requires at least Python 3.3!


The only mandatory argument is --target which is the IP address or hostname of the RouterOS system running WebFig:

python webfixy.py --target

This will start the proxy listener on localhost port 8080. In order to start a WebFig session over the browser, just use the listener socket instead of the actual RouterOS host:

The proxy will login with the default username admin and an empty password. This can be changed by supplying the actual login credentials:

python webfixy.py --target --user admin --password supersecret