Hacker Newsnew | comments | show | ask | jobs | submit login

Not to be confused with mitm-proxy[1], which is java-based.

For diagnostics I'd prefer something like Paros[2], Burp[3] or WebScarab[4], which has a graphical interface, but this one seems to offer a quite nice scripting API which I'll have to take a closer look at.

[1] http://crypto.stanford.edu/ssl-mitm/

[2] http://www.parosproxy.org/

[3] http://www.portswigger.net/burp/proxy.html

[4] https://www.owasp.org/index.php/Category:OWASP_WebScarab_Pro...




I have used stanford's ssl-mitm, Paros and WebScarab. The one being shown here is better than all of them, actually.

The textual interface is actually a curses-based interface that lets you do stuff as you would normally do in paros, such as capture a request or edit a request and replay it. So it is not just like you're watching logs. You can take many kinds of actions from within that text interface, and very quiclky. The scripting API is also very good.

-----


I would also recommend Charles. I use it daily. Inexpensive too. http://www.charlesproxy.com/

-----


Burp is fantastic. The free version is great, the paid version (which is very cheap) is even better. All our developers use burp to catch traffic between their development simulators and the testbed for debugging.

-----


Agreed, I've also used Burp to great effect. I'm glad this field is getting a lot of attention.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: