How mitmproxy works - veb
http://corte.si/posts/code/mitmproxy/howitworks/index.html

======
tptacek
This is a great, informative post; I'd just point out that generating on-the-
fly certs is a basic functionality of all the web app testing tools, Burp
Suite being the most famous.

If you haven't looked at Burp Suite and, unlike Aldo Cortesi, can stomach
running a Java program (I don't like Java either, but...), Burp is both the
industry standard tool used by appsec testing for web work _and_ pretty
inexpensive for what it does.

~~~
cortesi
I run plenty of Java every day without breaking out in hives. I don't
particularly enjoy _writing_ Java, though, and the most natural way to extend
the Java interceptors is to use Java (Jython notwithstanding). I could have
been clearer about this in my post.

I should also add - Burp is a fine tool, but I would hope there's room for
more than a single "industry standard" in this area. Mitmproxy has some
comparative strengths, is completely open, and is improving rapidly. I'd hate
for people to be discouraged from trying it out and helping to make it better.

------
WatchDog
From the documentation, the mitmdump utility is likened to tcpdump. Can
mitmdump work without being configured as a proxy/router, i.e. using
libpcap/tcpdump?

I guess it wouldn't really be mitm in this regard, but manipulating the
traffic is not always needed.

Currently I use httpry to watch http traffic without interfering with its
flow, but httpry is fairly limited in its functionality.

By the way, very impressive piece of software. It's nice to have more quality
open tools like this.

~~~
cortesi
[edit: I actually misread your question. We don't at the moment have
reassembly of HTTP flows from pcaps in base, but there's an external project
that does this. As another comment noted, transparent mode is probably still
your best bet. <https://github.com/cjneasbi/mitmextract>]

Yes, it's very similar to tcpdump in this respect. You can write flows to disk
like this:

    mitmdump -w outfile

And then read them back:

    mitmdump -r outfile

All the standard options for modifying, replaying and filtering are available
when you read saved flows. So you could do this:

    mitmdump -r outfile -s foo.py -w newfile

Which will read flows from file, run the script foo.py over each flow as it's
read (which can then modify them arbitrarily), and then write the result to
newfile.

~~~
WatchDog
Transparent mode is great but invasive, and mitmextract is fine for
non-real-time analysis.

Sometimes you might want to analyze traffic on production systems and changing
routes is not an option.

What I would love to see is a way of doing a non-invasive, realtime processing
of http traffic, eg when a specific post request is made, trigger some job.
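The `-s foo.py` step from the comment above (run a script over every flow, live or read back from a file, and let it modify the flow) and the "trigger some job when a specific POST request is made" wish in this comment can both be covered by one addon script. What follows is an added example, not code from the post or from the mitmproxy project. It assumes the current mitmproxy addon API, where hooks are module-level `request(flow)` and `response(flow)` functions taking only the flow (the script API at the time of the post was different), and the host, path, JSON field and header names are made up for the example. The caveat stands: mitmdump only sees traffic that is proxied through it (regular or transparent mode) or replayed from a file saved with `-w`; it is not a libpcap tap, so on a production box the script runs over traffic only once that traffic is routed through the proxy or has been captured by it.

```python
"""foo.py: an addon script for mitmdump (example, not the project's own code).

Run it over saved flows:   mitmdump -r outfile -s foo.py -w newfile
or over live traffic:      mitmdump -s foo.py        (regular or transparent mode)

mitmdump calls the module-level hook functions request() and response() for
every flow it sees, replayed or live.  The matching and rewriting logic is kept
in plain functions so it can be run and tested without mitmproxy installed.
"""
import json
import logging

# Hypothetical trigger rule (an assumption made for this example): kick off a
# job when a POST to this host and path carries JSON with "action": "deploy".
WATCH_HOST = "api.example.test"
WATCH_PATH = "/v1/jobs"

# Server-fingerprinting headers this example strips from every response.
STRIP_RESPONSE_HEADERS = ("Server", "X-Powered-By")

TRIGGERED = []  # jobs fired so far; a real script would enqueue work here


def is_trigger_request(method, host, path, body):
    """Return the parsed JSON body if the request matches the watch rule, else None.

    Method, host and path are checked before the body is touched, so a large
    or malformed body on an unrelated request costs nothing to reject.
    """
    if method != "POST" or host != WATCH_HOST or not path.startswith(WATCH_PATH):
        return None
    try:
        data = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None  # not JSON: not the request we are watching for
    if not isinstance(data, dict) or data.get("action") != "deploy":
        return None
    return data


def rewrite_response_headers(headers):
    """Delete fingerprinting headers in place; return the names removed.

    `headers` is any mapping supporting `in`, `del` and item assignment.
    mitmproxy's Headers object (case-insensitive) qualifies, as does a plain
    dict in tests, where the names must then match case exactly.
    """
    removed = [name for name in STRIP_RESPONSE_HEADERS if name in headers]
    for name in removed:
        del headers[name]
    if removed:
        headers["X-Example-Stripped"] = ",".join(removed)  # leave an audit trail
    return removed


def run_job(data):
    """The 'job' the comment asks for; this stand-in only records what fired."""
    logging.info("trigger fired: %s", data)
    TRIGGERED.append(data)
    return data


# ---- mitmproxy hooks (current addon API: hooks take the flow only) ----------

def request(flow):
    """Called once per request, before it is forwarded upstream."""
    data = is_trigger_request(
        flow.request.method,
        flow.request.pretty_host,
        flow.request.path,          # includes the query string
        flow.request.content or b"",
    )
    if data is not None:
        run_job(data)


def response(flow):
    """Called once per response; changes made here reach the client and -w."""
    rewrite_response_headers(flow.response.headers)


if __name__ == "__main__":
    # Offline demo with a constructed stand-in for a mitmproxy flow object.
    from types import SimpleNamespace

    fake = SimpleNamespace(
        request=SimpleNamespace(
            method="POST", pretty_host=WATCH_HOST, path="/v1/jobs?dry=0",
            content=b'{"action": "deploy", "env": "prod"}',
        ),
        response=SimpleNamespace(
            headers={"Server": "nginx/1.18", "Content-Type": "text/html"},
        ),
    )
    request(fake)
    response(fake)
    print(TRIGGERED, fake.response.headers)
```

Keeping the rule logic in `is_trigger_request` and `rewrite_response_headers` rather than inside the hooks is deliberate: the hooks are only reachable with mitmproxy loaded, while the plain functions can be exercised offline against constructed bodies and header maps, which is also the place to check that a non-JSON or non-matching POST never fires the job.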

~~~
cortesi
That would be nice indeed. Mitmextract uses libnids, which can do stream
reassembly on the fly. It's not such a big step going from reassembling a pcap
file to doing the same thing on network traffic.

------
mogui
Great article really! I develop mobile applications and you don't know how
indispensable your software is for me :) I use it pretty much every day, really
appreciated.

------
SkippyZA
mitmproxy = Malcolm in the Middle Proxy?

~~~
bvdbijl
MITM = man in the middle

