mitmproxy
What is mitmproxy?
mitmproxy: An open-source interactive TLS-capable proxy used by security and QA engineers to intercept, inspect, modify, and replay HTTP and HTTPS traffic.
mitmproxy is a Python-based tool that ships as a terminal UI (mitmproxy), a web UI (mitmweb), and a scriptable command-line proxy (mitmdump). It transparently terminates TLS using a generated CA that must be trusted by the client, lets the user pause, edit, and replay requests, and supports add-ons written in Python to automate analysis. Security testers use mitmproxy to audit mobile apps, fuzz REST and GraphQL APIs, capture undocumented protocols, and validate certificate pinning. Note that mitmproxy is a legitimate defensive and testing tool, not an attack tool: it requires control of the device or network and a trusted CA, so it is unsuitable for adversary-in-the-middle attacks against untrusting clients.
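As an illustration of an analysis add-on, the following passive audit flags credential headers sent over cleartext HTTP and never modifies traffic. It is an added example, not code from the mitmproxy project. It relies on mitmproxy's `request` hook, the `flow.request` attributes, and the module-level `addons` list; the class name, the header watch list, the file name, and the constructed flows in `demo()` are assumptions.

```python
"""Passive mitmproxy add-on: flag credentials sent over cleartext HTTP.

Load with:  mitmdump -s cleartext_creds.py   (file name is an assumption)
"""
import hashlib
import logging
from types import SimpleNamespace

CREDENTIAL_HEADERS = ("authorization", "cookie", "x-api-key")  # assumed watch list


def fingerprint(value: str) -> str:
    """Short SHA-256 prefix: correlates findings without storing the secret."""
    return hashlib.sha256(value.encode("utf-8", "replace")).hexdigest()[:12]


class CleartextCredentialAudit:
    """Records requests carrying credential headers over plain HTTP."""

    def __init__(self):
        self.findings = []

    def request(self, flow):
        # mitmproxy calls this hook for every client request (an http.HTTPFlow).
        req = flow.request
        if req.scheme != "http":
            return  # TLS-protected request; nothing to report
        for name in CREDENTIAL_HEADERS:
            value = req.headers.get(name)  # mitmproxy's Headers lookup is case-insensitive
            if value:
                finding = {"method": req.method, "url": req.pretty_url,
                           "header": name, "fingerprint": fingerprint(value)}
                self.findings.append(finding)
                logging.warning("cleartext credential: %s", finding)


addons = [CleartextCredentialAudit()]  # module-level list that mitmproxy loads


def demo():
    """Run the add-on against constructed flows (no proxy needed)."""
    def fake_flow(scheme, url, headers):
        return SimpleNamespace(request=SimpleNamespace(
            scheme=scheme, method="GET", pretty_url=url, headers=headers))
    audit = CleartextCredentialAudit()
    audit.request(fake_flow("https", "https://api.example.test/me", {"authorization": "Bearer abc"}))
    audit.request(fake_flow("http", "http://api.example.test/me", {"authorization": "Bearer abc"}))
    audit.request(fake_flow("http", "http://cdn.example.test/logo.png", {}))
    return audit.findings
```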
● Examples
- 01 Intercepting an iOS app's API calls by routing the device through a mitmproxy instance and trusting its CA on the phone.
- 02 Writing a Python add-on that automatically modifies authentication headers to fuzz an API for IDOR vulnerabilities.
● Frequently asked questions
What is mitmproxy?
An open-source interactive TLS-capable proxy used by security and QA engineers to intercept, inspect, modify, and replay HTTP and HTTPS traffic. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against mitmproxy?
Defences for mitmproxy typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for mitmproxy?
Common alternative names include: mitmweb, mitmdump.
● Related terms
- Burp Suite (defense-ops, № 134): An intercepting web proxy and testing toolkit by PortSwigger, used to discover, manipulate, and exploit vulnerabilities in HTTP and HTTPS applications.
- Wireshark (defense-ops, № 1245): An open-source network protocol analyzer that captures and inspects packets in real time for troubleshooting, security analysis, and education.
- TLS (Transport Layer Security) (network-security, № 1159): The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
- Deep Packet Inspection (DPI) (network-security, № 295): An inspection technique that examines the full payload of network packets — not just headers — to identify applications, content, and threats.
- API Security (appsec, № 052): The discipline of designing, building and operating application programming interfaces so that authentication, authorization, data exposure and abuse-resistance hold up under attack.
● See also
- № 806 PCAP