mitmproxy
mitmproxy is a network proxy for testing and debugging HTTP and HTTPS traffic.
Getting stared
Usage
Option | Example | Description |
---|---|---|
-p |
mitmproxy -p 8001 | Start proxy on port 8001 |
-m |
mitmproxy -p 8001 -m reverse:http://127.0.0.1:4000 | Reverse proxy on port 8001 to port 4000 |
-w |
mitmproxy -p 8001 -w traffic.mitm | Stream flows to file as they arrive |
-r |
mitmproxy -r traffic.mitm | Read flows from file |
-C |
mitmproxy -C traffic.mitm | Replay client requests from a saved file |
-S |
mitmproxy -S traffic.mitm | Replay server responses from a saved file |
-s |
mitmproxy -s myScript.py | Execute a script |
-h |
mitmproxy -h | mitmproxy quick help |
Movement
k Ctrl b
▲ ▲▲
│ ││
h ◀ ─── + ─── ▶ l ││ page
│ ││
▼ ▼▼
j Ctrl f / Space
h , j , k ,l |
Left, Down, Up, Right |
Ctrl b |
Page up |
Space / Ctrl f |
Page down |
g / G |
Go to beginning / end |
Arrows |
Up, Down, Left, Right |
Common Keybindings
q |
Back / Exit |
z |
Clear flow list |
: |
Command prompt |
E |
View event log |
O |
View options |
r |
Replay this flow |
Tab |
Next |
Enter |
Select |
Global Keybindings
- |
Cycle to next layout |
? |
View help |
B |
Start an attached browser |
C |
View commands |
I |
Toggle intercept |
K |
View key bindings |
P |
View flow details |
Q |
Exit immediately |
W |
Stream to file |
i |
Set intercept |
Ctrl right |
Focus next layout pane |
Shift tab |
Focus next layout pane |
Flow (View)
A |
Resume all intercepted flows | |
D |
Duplicate flow | |
F |
Set focus follow | |
L |
Load flows from file | |
M |
Toggle viewing marked flows | |
S |
Start server replay | |
U |
Un-set all marks | |
V |
Revert changes to this flow | |
X |
Kill this flow | |
Z |
Purge all flows not showing | |
a |
Resume this intercepted flow | |
b |
Save response body to file | |
d |
Delete flow from view | |
e |
Export this flow to file | |
f |
Set view filter | |
m |
Toggle mark on this flow | |
n |
Create a new flow | |
o |
Set flow list order | |
r |
Replay this flow | |
v |
Reverse flow list order | |
w |
Save listed flows to file | |
` | ` | Run a script on this flow | |
Ctrl l |
Send cuts to clipboard |
Filter
Filter
f |
Set view filter (on flow view page) |
The regex are Python-style, it can be specified as quoted strings
Operators
! |
unary not | |
& |
and | |
` | ` | or | |
(...) |
grouping |
Expressions
~a |
Match asset in response: CSS, Javascript, Flash, images. |
~b regex |
Body |
~bq regex |
Request body |
~bs regex |
Response body |
~c int |
HTTP response code |
~d regex |
Domain |
~dst regex |
Match destination address |
~e |
Match error |
~h regex |
Header |
~hq regex |
Request header |
~hs regex |
Response header |
~http |
Match HTTP flows |
~m regex |
Method |
~marked |
Match marked flows |
~q |
Match request with no response |
~s |
Match response |
~src regex |
Match source address |
~t regex |
Content-type header |
~tcp |
Match TCP flows |
~tq regex |
Request Content-Type header |
~ts regex |
Response Content-Type header |
~u regex |
URL |
~websocket |
Match WebSocket flows (and HTTP-WebSocket handshake flows) |
Flow selectors
Expressions
@all |
All flows |
@focus |
The currently focused flow |
@shown |
All flows currently shown |
@hidden |
All flows currently hidden |
@marked |
All marked flows |
@unmarked |
All unmarked flows |
mitmproxy has a set of convenient flow selectors that operate on the current view
Examples
URL containing “google.com”
google\.com
Requests whose body contains the string “test”
~q ~b test
Anything but requests with a text/html content type:
!(~q & ~t "text/html")
Replace entire GET string in a request (quotes required to make it work):
":~q ~m GET:.*:/replacement.html"
Scripts
Custom response
from mitmproxy import http
def request(flow: http.HTTPFlow) -> None:
if flow.request.pretty_url == "http://example.com/path":
flow.response = http.HTTPResponse.make(
200, # (optional) status code
b"Hello World", # (optional) content
{"Content-Type": "text/html"} # (optional) headers
)
Send a reply from the proxy without sending any data to the remote server
Add header
class AddHeader:
def __init__(self):
self.num = 0
def response(self, flow):
self.num = self.num + 1
flow.response.headers["count"] = str(self.num)
addons = [
AddHeader()
]
Add an HTTP header to each response
See also
- mitmproxy addons (github.com)
- mitmproxy docs (mitmproxy.org)