Mitmproxy CheatSheet

The Mitmproxy cheat sheet is an invaluable resource for web developers, security testers, and anyone looking to gain a deeper understanding of network traffic. This comprehensive guide provides a wealth of information on the powerful Mitmproxy tool, including detailed command descriptions, helpful shortcuts, and tips for advanced use cases.

Whether you're intercepting traffic to perform security testing or simply debugging web applications, Mitmproxy's robust features make it an essential tool for any developer. With SSL interception, customizable scripting capabilities, and more, there's no limit to what you can accomplish with this powerful tool.

Our cheat sheet offers a concise yet thorough overview of Mitmproxy's capabilities, making it the perfect reference guide for both beginners and experienced users alike. So why settle for less? Download the Mitmproxy cheat sheet today and start taking your web development and security testing to new heights!



# Getting Started with Mitmproxy


What is Mitmproxy?

Mitmproxy is a command-line tool that acts as an HTTP and HTTPS proxy and records all the traffic. You can easily see what requests are being made and even replay them. It's great for diagnosing problems.

Mitmproxy is your Swiss Army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on the fly, modify them before they reach their destination, and replay them to a client or server later on.

Features

  • Intercept HTTP & HTTPS requests and responses and modify them on the fly
  • Save complete HTTP conversations for later replay and analysis
  • Replay the client side of an HTTP conversation
  • Replay HTTP responses of a previously recorded server
  • Reverse proxy mode to forward traffic to a specified server
  • Transparent proxy mode on macOS and Linux
  • Make scripted changes to HTTP traffic using Python
  • SSL/TLS certificates for interception are generated on the fly

How Does Mitmproxy Work?

Mitmproxy, like Charles proxy, is an HTTP proxy/HTTP monitor that lets developers view all of the HTTP and SSL/HTTPS traffic between the client and the server. The MITM in its name stands for Man-In-The-Middle: the basic idea is to pretend to be the server to the client and to be the client to the server, while in the middle we can observe the traffic coming from both sides in the Mitmproxy monitor.

The tricky part is that the Certificate Authority system exists to secure connections to a server over the Internet by allowing a trusted party to cryptographically sign a server's certificates to verify that they are legit. The client checks that signature against the CAs it trusts. If the signature doesn't match, a secure client will simply drop the connection and refuse to proceed. To overcome this, Mitmproxy includes a full CA implementation that generates interception certificates on the fly. To get the client to trust these certificates, we register Mitmproxy as a trusted CA with the device manually.

Usage

| Option | Example | Description |
| --- | --- | --- |
| -p | mitmproxy -p 8001 | Start proxy on port 8001 |
| -m | mitmproxy -p 8001 -m reverse:http://127.0.0.1:4000 | Reverse proxy on port 8001 to port 4000 |
| -w | mitmproxy -p 8001 -w traffic.mitm | Stream flows to file as they arrive |
| -r | mitmproxy -r traffic.mitm | Read flows from file |
| -C | mitmproxy -C traffic.mitm | Replay client requests from a saved file |
| -S | mitmproxy -S traffic.mitm | Replay server responses from a saved file |
| -s | mitmproxy -s myScript.py | Execute a script |
| -h | mitmproxy -h | mitmproxy quick help |

Movement


```
        k                 Ctrl b
        ▲                   ▲▲
        │                   ││
h ◀ ─── + ─── ▶ l           ││ page
        │                   ││
        ▼                   ▼▼
        j             Ctrl f / Space
```

| Key | Action |
| --- | --- |
| h, j, k, l | Left, Down, Up, Right |
| Ctrl b | Page up |
| Space / Ctrl f | Page down |
| g / G | Go to beginning / end |
| Arrows | Up, Down, Left, Right |

Common Keybindings

| Key | Action |
| --- | --- |
| q | Back / Exit |
| z | Clear flow list |
| : | Command prompt |
| E | View event log |
| O | View options |
| r | Replay this flow |
| Tab | Next |
| Enter | Select |

Global Keybindings

| Key | Action |
| --- | --- |
| - | Cycle to next layout |
| ? | View help |
| B | Start an attached browser |
| C | View commands |
| I | Toggle intercept |
| K | View key bindings |
| P | View flow details |
| Q | Exit immediately |
| W | Stream to file |
| i | Set intercept |
| Ctrl right | Focus next layout pane |
| Shift tab | Focus next layout pane |

Flow (View)

| Key | Action |
| --- | --- |
| A | Resume all intercepted flows |
| D | Duplicate flow |
| F | Set focus follow |
| L | Load flows from file |
| M | Toggle viewing marked flows |
| S | Start server replay |
| U | Un-set all marks |
| V | Revert changes to this flow |
| X | Kill this flow |
| Z | Purge all flows not showing |
| a | Resume this intercepted flow |
| b | Save response body to file |
| d | Delete flow from view |
| e | Export this flow to file |
| f | Set view filter |
| m | Toggle mark on this flow |
| n | Create a new flow |
| o | Set flow list order |
| r | Replay this flow |
| v | Reverse flow list order |
| w | Save listed flows to file |
| \| | Run a script on this flow |
| Ctrl l | Send cuts to clipboard |

# Filter in Mitmproxy


Filter

| Key | Action |
| --- | --- |
| f | Set view filter (on flow view page) |

Operators

| Operator | Meaning |
| --- | --- |
| ! | unary not |
| & | and |
| \| | or |
| (...) | grouping |

Expressions

| Expression | Matches |
| --- | --- |
| ~a | Match asset in response: CSS, JavaScript, Flash, images. |
| ~b regex | Body |
| ~bq regex | Request body |
| ~bs regex | Response body |
| ~c int | HTTP response code |
| ~d regex | Domain |
| ~dst regex | Match destination address |
| ~e | Match error |
| ~h regex | Header |
| ~hq regex | Request header |
| ~hs regex | Response header |
| ~http | Match HTTP flows |
| ~m regex | Method |
| ~marked | Match marked flows |
| ~q | Match request with no response |
| ~s | Match response |
| ~src regex | Match source address |
| ~t regex | Content-type header |
| ~tcp | Match TCP flows |
| ~tq regex | Request Content-Type header |
| ~ts regex | Response Content-Type header |
| ~u regex | URL |
| ~websocket | Match WebSocket flows (and HTTP-WebSocket handshake flows) |

Flow selectors

| Selector | Flows |
| --- | --- |
| @all | All flows |
| @focus | The currently focused flow |
| @shown | All flows currently shown |
| @hidden | All flows currently hidden |
| @marked | All marked flows |
| @unmarked | All unmarked flows |

Examples

URL containing "google.com":

```
google\.com
```

Requests whose body contains the string "test":

```
~q ~b test
```

Anything but requests with a text/html content type:

```
!(~q & ~t "text/html")
```

Replace entire GET string in a request (quotes required to make it work):

```
":~q ~m GET:.*:/replacement.html"
```

# Scripts in Mitmproxy


Custom response

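```python
from mitmproxy import http


def request(flow: http.HTTPFlow) -> None:
    # Answer the request from the proxy itself; the upstream server is never contacted.
    if flow.request.pretty_url == "http://example.com/path":
        # http.Response replaced the older http.HTTPResponse name in mitmproxy 7.
        flow.response = http.Response.make(
            200,  # (optional) status code
            b"Hello World",  # (optional) content
            {"Content-Type": "text/html"}  # (optional) headers
        )
```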

Add header

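```python
class AddHeader:
    def __init__(self):
        # Number of responses seen so far in this proxy session
        self.num = 0

    def response(self, flow):
        # Called once per response; stamp it with a running counter
        self.num = self.num + 1
        flow.response.headers["count"] = str(self.num)


# mitmproxy loads every object listed in `addons`
addons = [
    AddHeader()
]
```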
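Passive header audit

The same response hook can be used to audit traffic rather than change it. The addon below is an added example, not part of the original cheat sheet or the mitmproxy project: it records HTTPS responses that lack security headers or set cookies without Secure/HttpOnly. The header policy in `REQUIRED`, the file name `header_audit.py`, and the `FakeHeaders`/`sample_flow` helpers (constructed stand-ins for offline runs) are assumptions, as is reporting through the standard `logging` module, which recent mitmproxy releases show in the event log.

```python
import logging
from types import SimpleNamespace

# Response headers this audit expects on every HTTPS response (assumed policy).
REQUIRED = ("strict-transport-security", "x-content-type-options")


class HeaderAudit:
    """Passive addon: records weak response headers, never modifies the flow."""
    def __init__(self):
        self.findings = []  # (url, issue) tuples collected during the session

    def response(self, flow):
        if flow.request.scheme != "https":
            return  # HSTS and the Secure flag only make sense over TLS
        headers = flow.response.headers
        issues = [f"missing {h}" for h in REQUIRED if not headers.get_all(h)]
        for cookie in headers.get_all("set-cookie"):
            name = cookie.split("=", 1)[0].strip()
            attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
            issues += [f"cookie {name} lacks {f}" for f in ("secure", "httponly")
                       if f not in attrs]
        for issue in issues:
            self.findings.append((flow.request.pretty_url, issue))
            logging.warning("%s: %s", flow.request.pretty_url, issue)


addons = [HeaderAudit()]  # picked up by: mitmproxy -s header_audit.py


class FakeHeaders:
    """Constructed stand-in for mitmproxy's case-insensitive header multidict."""
    def __init__(self, pairs):
        self.pairs = [(k.lower(), v) for k, v in pairs]

    def get_all(self, name):
        return [v for k, v in self.pairs if k == name.lower()]


def sample_flow(url, pairs):
    """Build a constructed flow-like object so the addon runs without a proxy."""
    req = SimpleNamespace(scheme=url.split(":", 1)[0], pretty_url=url)
    return SimpleNamespace(request=req, response=SimpleNamespace(headers=FakeHeaders(pairs)))


if __name__ == "__main__":
    audit = HeaderAudit()
    audit.response(sample_flow("https://app.example/", [("Set-Cookie", "sid=1; Path=/")]))
    print(audit.findings)
```

Run directly with Python for the offline demo, or load it with `-s` as shown in the Usage table to audit live traffic.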

