Mitmproxy CheatSheet

The Mitmproxy cheat sheet is an invaluable resource for web developers, security testers, and anyone looking to gain a deeper understanding of network traffic. This comprehensive guide provides a wealth of information on the powerful Mitmproxy tool, including detailed command descriptions, helpful shortcuts, and tips for advanced use cases.

Whether you're intercepting traffic to perform security testing or simply debugging web applications, Mitmproxy's robust features make it an essential tool for any developer. With SSL interception, customizable scripting capabilities, and more, there's no limit to what you can accomplish with this powerful tool.

Our cheat sheet offers a concise yet thorough overview of Mitmproxy's capabilities, making it the perfect reference guide for both beginners and experienced users alike. So why settle for less? Download the Mitmproxy cheat sheet today and start taking your web development and security testing to new heights!

Table of Content

# Getting started Mitmproxy

What is Mitmproxy ?

Mitmproxy is a command-line tool that acts as an HTTP and HTTPS proxy and records all the traffic. You can easily see what requests are being made and even replay them. Its great for diagnosing problems.

Mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on-the-fly, modify them before they reach their destination, and replay them to a client or server later on.


  • Intercept HTTP & HTTPS requests and responses and modify them on the fly
  • Save complete HTTP conversations for later replay and analysis
  • Replay the client-side of an HTTP conversations
  • Replay HTTP responses of a previously recorded server
  • Reverse proxy mode to forward traffic to a specified server
  • Transparent proxy mode on macOS and Linux
  • Make scripted changes to HTTP traffic using Python
  • SSL/TLS certificates for interception are generated on the fly

How Mitmproxy Work ?

MITM proxy and Charles proxy is an HTTP proxy/HTTP monitor that enables developers to view all of the HTTP and SSL/HTTPS traffic between the client and the server. The MITM in its name stands for Man-In-The-Middle, the basic idea behind it is to pretend to be the server to the client and pretend to be the client to the server, while in the middle we can observe the traffic coming from both sides on MITM proxy monitor.

The tricky part is that the Certificate Authority system is to create secure connections to a server via the Internet, by allowing a trusted party to cryptographically sign a servers certificates to verify that they are legit. As we know if the server has a Certificate authority with both public and private keys if the client which has these keys can only connect securely to the Sever. If this signature doesnt match a secure client will simply drop the connection and refuse to proceed, to overcome this Mitmproxy includes a full CA implementation that generates interception certificates on the fly. To get the client to trust these certificates, we register Mitmproxy as a trusted CA with the device manually.


Option Example Description
-p mitmproxy -p 8001 Start proxy on port 8001
-m mitmproxy -p 8001 -m reverse: Reverse proxy on port 8001 to port 4000
-w mitmproxy -p 8001 -w traffic.mitm Stream flows to file as they arrive
-r mitmproxy -r traffic.mitm Read flows from file
-C mitmproxy -C traffic.mitm Replay client requests from a saved file
-S mitmproxy -S traffic.mitm Replay server responses from a saved file
-s mitmproxy -s Execute a script
-h mitmproxy -h mitmproxy quick help


        k                 Ctrl b
        ?                   ??
        ?                   ??
h ? ??? + ??? ? l           ?? page
        ?                   ??
        ?                   ??
        j             Ctrl f / Space 
- -
h, j, k ,l Left, Down, Up, Right
Ctrl b Page up
Space / Ctrl f Page down
g / G Go to beginning / end
Arrows Up, Down, Left, Right

Common Keybindings

- -
q Back / Exit
z Clear flow list
: Command prompt
E View event log
O View options
r Replay this flow
Tab Next
Enter Select

Global Keybindings

- -
- Cycle to next layout
? View help
B Start an attached browser
C View commands
I Toggle intercept
K View key bindings
P View flow details
Q Exit immediately
W Stream to file
i Set intercept
Ctrl right Focus next layout pane
Shift tab Focus next layout pane

Flow (View)

- -
A Resume all intercepted flows
D Duplicate flow
F Set focus follow
L Load flows from file
M Toggle viewing marked flows
S Start server replay
U Un-set all marks
V Revert changes to this flow
X Kill this flow
Z Purge all flows not showing
a Resume this intercepted flow
b Save response body to file
d Delete flow from view
e Export this flow to file
f Set view filter
m Toggle mark on this flow
n Create a new flow
o Set flow list order
r Replay this flow
v Reverse flow list order
w Save listed flows to file
| Run a script on this flow
Ctrl l Send cuts to clipboard

# Filter in Mitmproxy


- -
f Set view filter (on flow view page)


- -
! unary not
& and
| or
(...) grouping


- -
~a Match asset in response: CSS, Javascript, Flash, images.
~b regex Body
~bq regex Request body
~bs regex Response body
~c int HTTP response code
~d regex Domain
~dst regex Match destination address
~e Match error
~h regex Header
~hq regex Request header
~hs regex Response header
~http Match HTTP flows
~m regex Method
~marked Match marked flows
~q Match request with no response
~s Match response
~src regex Match source address
~t regex Content-type header
~tcp Match TCP flows
~tq regex Request Content-Type header
~ts regex Response Content-Type header
~u regex URL
~websocket Match WebSocket flows (and HTTP-WebSocket handshake flows)

Flow selectors

- -
@all All flows
@focus The currently focused flow
@shown All flows currently shown
@hidden All flows currently hidden
@marked All marked flows
@unmarked All unmarked flows


URL containing ""


Requests whose body contains the string "test"

~q ~b test

Anything but requests with a text/html content type:

!(~q & ~t "text/html")

Replace entire GET string in a request (quotes required to make it work):

":~q ~m GET:.*:/replacement.html"

# Scripts in Mitmproxy

Custom response

from mitmproxy import http

def request(flow: http.HTTPFlow) -> None:
    if flow.request.pretty_url == "":
        flow.response = http.HTTPResponse.make(
            200,  # (optional) status code
            b"Hello World",  # (optional) content
            {"Content-Type": "text/html"}  # (optional) headers

Add header

class AddHeader:
    def __init__(self):
        self.num = 0

    def response(self, flow):
        self.num = self.num + 1
        flow.response.headers["count"] = str(self.num)

addons = [

Best Suggest