mitmproxy
mitmproxy is a network proxy for testing and debugging HTTP and HTTPS traffic.
Getting stared
Usage
| Option | Example | Description |
|---|---|---|
-p | mitmproxy -p 8001 | Start proxy on port 8001 |
-m | mitmproxy -p 8001 -m reverse:http://127.0.0.1:4000 | Reverse proxy on port 8001 to port 4000 |
-w | mitmproxy -p 8001 -w traffic.mitm | Stream flows to file as they arrive |
-r | mitmproxy -r traffic.mitm | Read flows from file |
-C | mitmproxy -C traffic.mitm | Replay client requests from a saved file |
-S | mitmproxy -S traffic.mitm | Replay server responses from a saved file |
-s | mitmproxy -s myScript.py | Execute a script |
-h | mitmproxy -h | mitmproxy quick help |
Movement
k Ctrl b
▲ ▲▲
│ ││
h ◀ ─── + ─── ▶ l ││ page
│ ││
▼ ▼▼
j Ctrl f / Space
h, j, k ,l | Left, Down, Up, Right |
Ctrl b | Page up |
Space / Ctrl f | Page down |
g / G | Go to beginning / end |
Arrows | Up, Down, Left, Right |
Common Keybindings
q | Back / Exit |
z | Clear flow list |
: | Command prompt |
E | View event log |
O | View options |
r | Replay this flow |
Tab | Next |
Enter | Select |
Global Keybindings
- | Cycle to next layout |
? | View help |
B | Start an attached browser |
C | View commands |
I | Toggle intercept |
K | View key bindings |
P | View flow details |
Q | Exit immediately |
W | Stream to file |
i | Set intercept |
Ctrl right | Focus next layout pane |
Shift tab | Focus next layout pane |
Flow (View)
A | Resume all intercepted flows | |
D | Duplicate flow | |
F | Set focus follow | |
L | Load flows from file | |
M | Toggle viewing marked flows | |
S | Start server replay | |
U | Un-set all marks | |
V | Revert changes to this flow | |
X | Kill this flow | |
Z | Purge all flows not showing | |
a | Resume this intercepted flow | |
b | Save response body to file | |
d | Delete flow from view | |
e | Export this flow to file | |
f | Set view filter | |
m | Toggle mark on this flow | |
n | Create a new flow | |
o | Set flow list order | |
r | Replay this flow | |
v | Reverse flow list order | |
w | Save listed flows to file | |
| ` | ` | Run a script on this flow | |
Ctrl l | Send cuts to clipboard |
Filter
Filter
f | Set view filter (on flow view page) |
The regex are Python-style, it can be specified as quoted strings
Operators
! | unary not | |
& | and | |
| ` | ` | or | |
(...) | grouping |
Expressions
~a | Match asset in response: CSS, Javascript, Flash, images. |
~b regex | Body |
~bq regex | Request body |
~bs regex | Response body |
~c int | HTTP response code |
~d regex | Domain |
~dst regex | Match destination address |
~e | Match error |
~h regex | Header |
~hq regex | Request header |
~hs regex | Response header |
~http | Match HTTP flows |
~m regex | Method |
~marked | Match marked flows |
~q | Match request with no response |
~s | Match response |
~src regex | Match source address |
~t regex | Content-type header |
~tcp | Match TCP flows |
~tq regex | Request Content-Type header |
~ts regex | Response Content-Type header |
~u regex | URL |
~websocket | Match WebSocket flows (and HTTP-WebSocket handshake flows) |
Flow selectors
Expressions
@all | All flows |
@focus | The currently focused flow |
@shown | All flows currently shown |
@hidden | All flows currently hidden |
@marked | All marked flows |
@unmarked | All unmarked flows |
mitmproxy has a set of convenient flow selectors that operate on the current view
Examples
URL containing “google.com”
google\.com
Requests whose body contains the string “test”
~q ~b test
Anything but requests with a text/html content type:
!(~q & ~t "text/html")
Replace entire GET string in a request (quotes required to make it work):
":~q ~m GET:.*:/replacement.html"
Scripts
Custom response
from mitmproxy import http
def request(flow: http.HTTPFlow) -> None:
if flow.request.pretty_url == "http://example.com/path":
flow.response = http.HTTPResponse.make(
200, # (optional) status code
b"Hello World", # (optional) content
{"Content-Type": "text/html"} # (optional) headers
)
Send a reply from the proxy without sending any data to the remote server
Add header
class AddHeader:
def __init__(self):
self.num = 0
def response(self, flow):
self.num = self.num + 1
flow.response.headers["count"] = str(self.num)
addons = [
AddHeader()
]
Add an HTTP header to each response
See also
- mitmproxy addons (github.com)
- mitmproxy docs (mitmproxy.org)