I just want to take a bit of space and mention both how useful MITMproxy has been for me in the past and also how generally awesome Aldo Cortesi is; I hope I have opportunity to work with him someday.
Aldo is a perfectionist. He keeps on pushing off the release date so that he can iron out every single bug he knew of, non-trivial part of which are caused by other services. The world does become a better place with this whole new version of mitmproxy.
For SSL, I hope there's more tools like Echo Mirage[1] or PaiMei[2] which could just hook SSL dynamic modules instead of MITM CA cert spoofing.
You can encrypt/decrypt TLS/SSL traffic by intercepting read/write calls for Schannel SSP/OpenSSL. I hope some project could support Android and iOS using similar methods.
These are good for certain specific tests, but they're too inconsistent to trust for professional testing. There's always the chance that you're hooking the wrong thing (or nothing at all, in the case of a statically linked OpenSSL in a version you don't know/have FLIRT-ish symbols for).
I used to use this technique a whole lot, but I've gone to 100% MITMing via cert spoofing/replacement.
Ironically, it has been a week of not being able to do that, and instead surreptitiously patching binaries and (in one case) a kernel, here at the shop. I read the parent comment earlier and thought "man, I miss Pai Mei."
Yeah, there are definitely cases where you can't swap out certs and all that, but in those cases the automated tools just fall down anyway. I don't miss the days of manually compiling OpenSSL with specific flags to generate just the right FLIRT symbols to find the methods I needed to hook.
Though, so is using a SOCKS or HTTP proxy. To be consistent, the tool should really be reading PCAP dumps. Too many applications either don't support proxies, or only use them for some things.
The best exception to this that I can think of is Chrome, which even tunnels Silverlight and Flash through its defined proxy.
Cert spoofing also gets you past issues in dev with self-signed certs etc. Hooking into OpenSSL will leave you with the problems in your browser.
This is particularly handy when the browser hits one of the many, many issues where it won't even make a request; eliminating all of the cert issues at a stroke without modifying the browser is at least a step towards diagnosing the problem.
Although it would be nice if chrome logged why it isn't making those requests.
You can also try proxify (http://www.gnucitizen.org/blog/landing-proxify/) actual cross-platform binary that is based on top of NSS. It has been designed to be really fast as it is not buffering anything. It also has a lot of useful command line options.
