An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

Overview

mitmproxy

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.

mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.

mitmweb is a web-based interface for mitmproxy.

Installation

The installation instructions are here. If you want to install from source, see CONTRIBUTING.md.

Documentation & Help

General information, tutorials, and precompiled binaries can be found on the mitmproxy website.

mitmproxy.org

The documentation for mitmproxy is available on our website:

mitmproxy documentation stable mitmproxy documentation master

If you have questions on how to use mitmproxy, please ask them on StackOverflow!

StackOverflow: mitmproxy

Contributing

As an open source project, mitmproxy welcomes contributions of all forms.

Dev Guide

Also, please feel free to join our developer Slack!

Slack Developer Chat

Comments
  • poor interactive performance / hanging requests

    i use mitmproxy for interactive browsing a lot. that is, i run an mitmdump instance continuously, and use it from multiple browsers on multiple computers.

    recently this started to be a rather frustrating experience. i suspect it's related to the new proxy core, or it could be related to debian upgrading to python 3.9? sadly it turned out non-trivial to roll this back.

    initially after mitmproxy startup, everything works smoothly, but then suddenly stalls, many requests hang for a very long time until mitmproxy returns a response. sometimes this starts almost immediately, sometimes after hours, it possibly recovers by itself, but usually i give up waiting and restart mitmproxy. (most times the requests seem to do finish, but only after many minutes.) this is probably most easily reproduced with resource-heavy sites, like facebook.com, openstreetmap.org, ...

    in netstat, i don't see mitmproxy having many connections to the destination servers open, so i suspect it's an internal limitation. ( i typically check with $ netstat -ntp | grep EST.*python | grep -v :8080 | awk '{print $5}' | sort | uniq -c | sort -n)

    my initial suspicion was that there is a limit on the number of concurrent connections, and that that pool is used up by connections that are in some invalid state and/or waiting for a timeout.

    i already found a per-connection.address limit at https://github.com/mitmproxy/mitmproxy/blob/dc6c5f55cd25236e9469c24b85c8cafd29573281/mitmproxy/proxy/server.py#L84 and increased it significantly, but that did not lead to consistent improvements. (i also added a warning on if self.max_conns[command.connection.address].locked():, but it doesn't seem to trigger.)

    can you suggest what else i could do to diagnose this? is there another connection limit besides max_conns in proxy? is there existing code/facilities to introspect/dump the currently open incoming connections and their state? an option to log connection-level tracing info?

    System Information

    Paste the output of "mitmproxy --version" here.

    (venv) user@host[~/mitmproxy]$ mitmproxy --version
    Mitmproxy: 7.0.0.dev (+332, commit aebc40c)
    Python:    3.9.1+
    OpenSSL:   OpenSSL 1.1.1i  8 Dec 2020
    Platform:  Linux-5.8.0-1-amd64-x86_64-with-glibc2.31
    
    kind/triage 
    opened by r00t- 64
  • Move to Python 3

    Creating this as a catch-all ticket to elicit some discussion of Python3 support, which has become something of an FAQ.

    We're going to have to make the jump to Python3 at some point. All our dependencies (last time I checked) were Python 3-ready, so in theory we could make the leap. If we do it, we would do Python 3-only - I don't think there's a benefit to trying to maintain Python 2/3 Frankenstein that gives us the worst of both worlds.

    This leaves us with two issues. First, there's a legacy concern - quite a few people use libmproxy to build things, and I know that I personally would probably have a few weeks of work ahead of me just in converting existing related projects over.

    The second thing has to do with Python 3 and its treatment of Unicode/strings. Mitmproxy is "special", in the sense that it deals with loosely typed, untrusted and possibly intentionally corrupted data flows. It's a boundary layer between a weird world where string encodings can't be assumed, and the higher levels like the UI and so forth, where Python 3 forces us to have unicode. In this sense, it's similar to other programs that deal with on-the-wire data, like web frameworks (though our problem is even worse). Have a look at Armin Ronacher's experience with Python 3 Unicode and Flask/Jinja2/etc.:

    http://lucumr.pocoo.org/2014/1/5/unicode-in-2-and-3/

    http://lucumr.pocoo.org/2014/5/12/everything-about-unicode/

    I know that this has frustrated some people working on similar programs enough that they've moved away from Python altogether....

    Where does this leave us? Well, clearly we can't stay on Python2 in the longer term. The Python3 situation is pretty dire, but has very gradually been getting very slightly better. 3.4 included some improvements, and I think 3.5 will have a few more. The key issues are intrinsic to the language design, though, and will never go away.

    opened by cortesi 53
  • add transparent server mode based on WireGuard

    This is a draft for a transparent mode implementation based on WireGuard. I'm filing this "early" even though some things aren't finished yet, but I'm looking for feedback on whether things are generally looking "OK" or if some things should be done differently.

    New mode spec for a WireGuard mode:

    • simple and extensible key-value based settings syntax (in case more settings need to be specified in the future)
    • currently supported settings: listen_port to override the default WireGuard port (51820), name to override the default filename prefix for generated WireGuard configuration files (mitmproxy_wireguard), and peers to override the default number of peers (1) for which a configuration will be generated
    • unit tests to verify that the new mode spec is parsed correctly

    New WireGuard server mode implementation:

    • new implementation of WireGuardConnectionHandler (based on ProxyConnectionHandler but using mitmproxy_wireguard.TcpStream instead of asyncio.StreamReader/StreamWriter)
    • new implementation of WireGuardInstance: based on TcpServerInstance / TransparentInstance for TCP, and UdpServerInstance for UDP (not hooked up yet, better support for UDP connections needs to be implemented in mitmproxy_wireguard first)
    • small adaptations for accepted types of reader / writer in ConnectionIO (might need to be refactored to be generic, and / or require further adaptations once mitmproxy_wireguard.UdpStream is ready for handling UDP packets)
    • not done yet: unit tests (maybe something similar to the test_transparent test in tests/mitmproxy/proxy/test_mode_servers.py?)

    What's not working yet:

    • TcpStream.get_extra_info("original_addr") is not implemented yet, but exposing the original destination in this manner should be relatively straightforward in mitmproxy_wireguard.
    • Running mitmdump --mode wireguard:[spec] correctly generates WireGuard configuration files with the given settings, but then crashes with invalid IP address syntax and I cannot find where this error message is coming from (grepping mitmproxy source code doesn't yield any hits for this string and relevant substrings of it).
    opened by decathorpe 44
  • Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL routines', 'SSL_CTX_use_certificate_file', 'PEM lib')]

    just did git clone mitmproxy, but error is still here


    Error in processing of request from 46.72.191.27:52247
    Traceback (most recent call last):
      File "/opt/python2.7/lib/python2.7/site-packages/netlib/tcp.py", line 353, in request_thread
        self.handle_connection(request, client_address)
      File "/opt/python2.7/lib/python2.7/site-packages/libmproxy/proxy.py", line 536, in handle_connection
        h.handle()
      File "/opt/python2.7/lib/python2.7/site-packages/libmproxy/proxy.py", line 191, in handle
        while self.handle_request(cc) and not cc.close:
      File "/opt/python2.7/lib/python2.7/site-packages/libmproxy/proxy.py", line 206, in handle_request
        request = self.read_request(cc)
      File "/opt/python2.7/lib/python2.7/site-packages/libmproxy/proxy.py", line 455, in read_request
        return self.read_request_proxy(client_conn)
      File "/opt/python2.7/lib/python2.7/site-packages/libmproxy/proxy.py", line 395, in read_request_proxy
        self.convert_to_ssl(dummycert, self.config.certfile or self.config.cacert, handle_sni=sni)
      File "/opt/python2.7/lib/python2.7/site-packages/netlib/tcp.py", line 290, in convert_to_ssl
        ctx.use_certificate_file(cert)
    Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL routines', 'SSL_CTX_use_certificate_file', 'PEM lib')]


    running libmproxy application on centos 5

    getting errors

    There's been a recent contributed patch that could be relevant to this. Could you please try a current git checkout, and see if you still see these problems?

    Also, please do report this kind of thing on the Github bug tracker. It makes it much easier to keep track of things.

    Regards,

    Aldo

    opened by dsultanr 41
  • When I input “mitproxy”in commands, it is show 'module' object has no attribute 'TLSv1_2_METHOD'

    ➜  ~  mitmproxy
    Traceback (most recent call last):
      File "/usr/local/bin/mitmproxy", line 9, in <module>
        load_entry_point('mitmproxy==0.13.1', 'console_scripts', 'mitmproxy')()
      File "/Library/Python/2.7/site-packages/distribute-0.6.28-py2.7.egg/pkg_resources.py", line 337, in load_entry_point
        return get_distribution(dist).load_entry_point(group, name)
      File "/Library/Python/2.7/site-packages/distribute-0.6.28-py2.7.egg/pkg_resources.py", line 2311, in load_entry_point
        return ep.load()
      File "/Library/Python/2.7/site-packages/distribute-0.6.28-py2.7.egg/pkg_resources.py", line 2017, in load
        entry = __import__(self.module_name, globals(),globals(), ['__name__'])
      File "/Library/Python/2.7/site-packages/libmproxy/main.py", line 7, in <module>
        from . import version, cmdline
      File "/Library/Python/2.7/site-packages/libmproxy/cmdline.py", line 6, in <module>
        from . import filt, utils, version
      File "/Library/Python/2.7/site-packages/libmproxy/filt.py", line 38, in <module>
        from .protocol.http import decoded
      File "/Library/Python/2.7/site-packages/libmproxy/protocol/__init__.py", line 1, in <module>
        from .primitives import *
      File "/Library/Python/2.7/site-packages/libmproxy/protocol/primitives.py", line 4, in <module>
        import netlib.tcp
      File "/Library/Python/2.7/site-packages/netlib/tcp.py", line 26, in <module>
        'TLSv1.2': SSL.TLSv1_2_METHOD,
    AttributeError: 'module' object has no attribute 'TLSv1_2_METHOD'
    
    opened by cryingDream94 37
  • Memory Leaks in Native Code

    Steps to reproduce the problem:
    1. Download and extract Linux binaries from https://github.com/mitmproxy/mitmproxy/releases/download/v4.0.1/mitmproxy-4.0.1-linux.tar.gz
    2. sudo ./mitmweb --web-iface 192.168.86.88 --web-port 8081 --showhost --listen-host 192.168.86.88 --listen-port 8080
    3. Generate load from an external device or from a local browser. I use MITMProxy to capture video traffic, which tears through memory rather quickly against an HLS stream like http://bitdash-a.akamaihd.net/content/sintel/hls/playlist.m3u8. You can install https://addons.mozilla.org/en-US/firefox/addon/native_hls_playback/ in Firefox to get the playback to happen natively.
    4. Watch the stream tear through your RAM with .ts fragments (this is expected - video is heavy).
    5. Clear the screen with MITMProxy --> New
    6. Watch the RAM usage - it won't go down, and will continue to rise when new fragments come in.
    Any other comments? What have you tried so far?
    • Occurs in Docker and running natively tested on both x86 and ARMv7
    • Reproduced in Ubuntu 18.04 LTS and Alpine 3.7 Linux.

    I'm wondering if there's a part of the Python API for MITMProxy that MITMWeb needs to add to the "New" instruction in the React code.

    System information

    Mitmproxy: 4.0.1 binary
    Python:    3.6.3
    OpenSSL:   OpenSSL 1.1.0h  27 Mar 2018
    Platform:  Linux-4.15.0-22-generic-x86_64-with-debian-buster-sid

    kind/bug 
    opened by ironsalsa 36
  • Use mitmproxy behind reverse proxy

    Problem Description

    I currently have mitmproxy running on port 2010. However, I want to also be able to access under a host name, like mitmproxy.test

    Proposal

    Access mitmproxy from https://$DOMAIN.$TLD

    Alternatives

    A clear and concise description of any alternative solutions or features you've considered.

    Additional context

    Add any other context or screenshots about the proposal here.

    kind/feature 
    opened by DUOLabs333 34
  • mitmdump memory usage is always constantly growing

    (originally mentioned in #4451, but i don't think it's related to the issue discussed there and should get a separate ticket)

    Problem Description

    i use mitmdump for interactive browsing a lot. that is, i run an mitmdump instance continuously, and use it from multiple browsers on multiple computers.

    i find that mitmdump's memory usage constantly grows, it appears as if it allocates memory for any request/response data it processes and then never frees it. note that i would expect this behaviour from mitmproxy running interactively, as it displays all the data in the UI, but mitmdump should have no reason to keep flows in memory after writing them out.

    here's a typical mitmdump memory usage graph out of my monitoring stack: mitmdump_rss

    mitmdump memory usage appears as a sawtooth pattern, rising until it's terminated. the growth rate is currently typically around 500mb/hour, it was less in the past, when it got through a whole day with under 2gb, and is higher than the rate of data actually dumped (under 1gb/day). in this graph mitmdump is manually terminated a few times, because of debugging #4451, and by a daily restart at midnight. (i also run a script that terminates it if it exceeds 3gb, to avoid it taking down my system.)

    some very rare phases of non-growth (as seen in the graph above) are very unlikely related to zero traffic - thanks to websites constantly loading stuff in the background nowadays, and many browsers and tabs, it's unlikely that traffic is ever zero.

    i see some extremely rare occurrences (at most once a week) of larger amounts of memory being allocated and freed again, in the expected pattern of allocating it to handle a request, and freeing it again after the request is finished.

    Steps to reproduce the behavior:

    1. run mitmdump for a longer period and use it, possibly with multiple browsers with a large number of tabs open
    2. observe memory usage

    System Information

    i think it has been the case ever since i started using mitmproxy, the above graph is of current git master. (running with --set proxy_debug -vvv, but it doesn't make a difference to the behaviour.)

    kind/triage 
    opened by r00t- 33
  • Command language

    The aim of this ticket is to come up with an on-paper design for an extension to the mitmproxy command language, before @kajojify moves to implementation. This is a GSoC project, but anyone should feel free to contribute to the discussion.

    Context

    The most significant change to mitmproxy in the last few years has been the shift to a modular core. Under this system, functionality is implemented in completely self-contained addons. Users interact with addons (and by extension with mitmproxy itself) ONLY through commands and options. Commands have globally unique names, a set of typed arguments, and a single typed return value. The command language we're discussing here is strictly the textual language users use to invoke and combine these typed addon commands.

    At the moment, the command language is used in two places:

    • The interactive command prompt of the console app.
    • Console key bindings, where all user interaction occurs through commands bound to keys.

    In coming releases, the command language will be even more prominent:

    • There will be a new key binding configuration file for customizing key bindings. #2963
    • All tools will support commands passed on the command-line, to be run at startup and shutdown. See discussion in #2963.
    • We're considering a new primitive called Actions. These are compound commands, like key bindings, but not bound to keys. See discussion in #2718.
    • Mitmweb will need to expose commands in some form to users. We'll have to discuss how to do this without re-implementing parsing on the client side.

    Aims

    What we're trying to achieve here is a language that works at two extrema:

    • On the interactive prompt and the command-line, it has to be terse and minimal. Any extra keystroke here has to be very clearly motivated. The current expression for short commands is literally as simple as possible, and probably can't be improved.
    • For commands that can be composed of multiple subcommands - we have examples of up to 4 combined commands in key bindings - the language has to be readable, clear and minimise error.

    We should also keep in mind that it is explicitly not an aim to replace Python. Complicated commands are best expressed as full addons written in Python. This means that I want to be cautious about flow control in the command language - it might never be needed at all. There is a separate discussion to be had about making cross-addon invocation of commands better from within Python.

    Current language

    Commands support a small number of predefined argument and return value types. For each type, we define a parser, which converts a textual representation given by the user to the underlying type, a tab completer for interactive use, and a validator that checks whether an arbitrary Python value is a valid value. We know the arity of all functions up-front (with the exception of varargs as the last argument to a command). That lets us have a complete parser with no grouping operators.

    Syntactically, the language is very simple. It consists of a list of possibly quoted strings that can either be command names or arguments (as interpreted through the appropriate type parser).

    The text representation of a type value can be expanded in complex ways. For instance, mitmproxy's core primitive is the flow, and the current language supports sophisticated ways to select flows from the current session on the command-line. Another example is the cuts mechanism, which will be much more prominent in future releases. This expressiveness is a critical feature that I would like to maintain.

    Let's structure discussion around a set of examples that cover common use-cases. Below, I give a set of definitions in terms of the current language, along with a motivation and explanation. Please accompany concrete language suggestions with a similar table expressing the same examples, and any new ones you think are relevant.

    | Command | Description |
    | --- | --- |
    | view.remove @marked | Interactive. Remove all marked flows. |
    | replay.client "~h google.com" | Interactive. Replay all flows for host google.com. |
    | cut.save @all server_conn.address.host ~/hosts.csv | Complex interactive. Select the server host from all flows, and save to file. |
    | console.choose.cmd Format export.formats console.command export.file {choice} @focus | Complex key binding. This composes 4 commands - console.choose.cmd takes a prompt, a command to invoke to retrieve a set of options, and a command to invoke once the user has selected an option with a selected argument. A good example of something that is hard to parse in the current language, and which may in fact be hard in any variant. Anything much more complicated than this should be expressed in Python. |

    Implementation

    Implementations should maintain current usability features like tab expansion and syntax highlighting for partial commands. This means that parsers must be incremental. It also means that a parser needs to be reversible - we should be able to parse a command string, annotate it with syntax highlighting, and then recompose it on the command line for the user to continue editing. Please see the current implementation for how all of this works.

    We should aim to elaborate the language that's currently there step-by-step, rather than attempting a wholesale re-implementation. Please try to make proposals incremental, and tease separable ideas out into separate proposals.

    gsoc 
    opened by cortesi 33
  • twitter.com goes in timeout if HTTP2 is enabled

    Steps to reproduce the problem:
    1. Intercepting twitter.com with Firefox and Chrome -> timeout after ClientConnect Page never appears, with no error in logs

    Seen on Slack. For @cortesi, it was working on Firefox but not Chrome

    Any other comments? What have you tried so far?

    Disabling HTTP2 works directly with --no-http2

    System information

    Mitmproxy version: 0.18.2
    Python version: 3.5.2
    Platform: Darwin-16.1.0-x86_64-i386-64bit
    SSL version: OpenSSL 1.0.2j  26 Sep 2016
    Mac version: 10.12.1 ('', '', '') x86_64

    upstream area/protocols 
    opened by tomlabaude 30
  • tutorial addon to improve onboarding new users

    Description

    Added a draft of the tutorial addon. To test the current state: start mitmproxy and open http://tutorial.mitm.it

    refs #3142

    Tasks

    • [x] Tutorial layout
    • [x] Sample voting app
    • [x] Tutorials: View flows / UI intro
    • [x] Tutorials: Interception / Modify
    • [x] Tutorials: Replay
    • [ ] Tutorials should be valid for mitmproxy and mitmweb
    • [ ] Add tests

    PR Checklist

    • [ ] I have updated tests where applicable.
    • [ ] I have added an entry to the CHANGELOG.
    gsoc 
    opened by mplattner 29
  • Ignored sites doesn't work as expected

    Problem Description

    I have 2 iOS clients that connect through the proxy. I already installed the certs and everything works fine for the allowed sites. The issue is that on one of the two iOS clients (same configuration) the Facebook and TikTok apps don't download data. I expect them to work fine because they are out of HTTPS inspection. If I try to check the logs, there is nothing there because the host is not in the allowed hosts.

    mitmdump --allow-hosts google.

    Steps to reproduce the behavior:

    1. mitmdump --allow-hosts google.
    2. start ios facebook app or tik tok.
    3. The app doesn't work as expected

    System Information

    Paste the output of "mitmproxy --version" here.

    Mitmproxy: 6.0.2
    Python:    3.10.7
    OpenSSL:   OpenSSL 3.0.5 5 Jul 2022
    Platform:  Linux-5.19.0-26-generic-x86_64-with-glibc2.36

    kind/triage 
    opened by mironalessandro 0
  • Undo/redo support for flow editing

    Problem Description

    When I'm pentesting an application with mitmproxy, I often perform a series of edits to a captured request. After each edit, I send the request and observe the result.

    Sometimes I reach a dead end and want to go back to a previous state in order to try out a different approach. But I've already made destructive modifications to the request, such as deleting headers.

    It would be nice if there was support for undoing my edits, so that I could easily roll back some of them.

    Proposal

    Keep a history of all edits done to a particular flow. Implement undo/redo actions, so that edits can easily be rolled back. Example bindings: u/<C-r> for undo/redo, respectively, similar to vim.

    Alternatives

    A partial workaround for the missing functionality is to duplicate the flow before you start editing.

    However, this is cumbersome to do when you're doing complex tests for a single endpoint for a number of reasons.

    First, you always have to ensure you leave at least one pristine copy to be able to roll back to the starting state.

    Second, a single mistake can ruin a given copy, so that you have to start all over again.

    Finally, sometimes a request has to be heavily edited to bring it into a base state for testing something. If you then want to make several smaller modifications on top of this heavily edited base state, it's much easier to just be able to edit, send, u, edit, send, u, ... rather than having to prepare the request all over again from scratch.

    kind/feature 
    opened by dkasak 2
  • Added dark mode to the Web UI

    Description

    Added Dark mode for the web interface with minimum changes.

    • Added toggle to Options tab
    • Added darkreader package

    Related issue https://github.com/mitmproxy/mitmproxy/issues/3886

    Checklist

    • [x] I have updated tests where applicable.
    • [x] I have added an entry to the CHANGELOG.
    opened by devapro 1
  • An 'AttributeError' error is raised when attempting to inject a WebSocket payload

    Problem Description

    The following error is raised when trying to inject a payload to the client for a WebSocket flow:

    warn: [15:49:35.042] Cannot inject WebSocket messages into non-WebSocket flows.
    error: [15:49:35.043] Traceback (most recent call last):
    
      File "asyncio/events.py", line 80, in _run
      File "urwid/raw_display.py", line 416, in <lambda>
      File "urwid/raw_display.py", line 515, in parse_input
      File "urwid/main_loop.py", line 412, in _update
      File "urwid/main_loop.py", line 513, in process_input
      File "mitmproxy/tools/console/window.py", line 304, in keypress
      File "urwid/container.py", line 1123, in keypress
      File "mitmproxy/tools/console/statusbar.py", line 203, in keypress
      File "mitmproxy/tools/console/statusbar.py", line 145, in keypress
      File "mitmproxy/tools/console/statusbar.py", line 174, in prompt_execute
      File "mitmproxy/tools/console/statusbar.py", line 110, in execute_command
      File "mitmproxy/tools/console/commandexecutor.py", line 18, in __call__
      File "mitmproxy/command.py", line 285, in execute
      File "mitmproxy/command.py", line 273, in call_strings
      File "mitmproxy/command.py", line 144, in call
      File "mitmproxy/command.py", line 315, in wrapper
      File "mitmproxy/addons/proxyserver.py", line 293, in inject_websocket
      File "mitmproxy/addons/proxyserver.py", line 273, in inject_event
    
    AttributeError: 'str' object has no attribute 'client_conn'
    

    Steps to reproduce the behavior:

    1. Try executing the following command, whilst focused on a flow: inject.websocket @focus true 'something' true

    System Information

    Mitmproxy: 9.0.1 binary
    Python:    3.11.0
    OpenSSL:   OpenSSL 3.0.7 1 Nov 2022
    Platform:  Linux-5.15.0-56-generic-x86_64-with-glibc2.35
    
    kind/bug area/console 
    opened by MaDKaTZe 2
  • Using mitmproxy with username/password and "any auth" timeouts.

    Problem Description

    Using mitmproxy with username/password and "any auth" fails with a timeout.

    Steps to reproduce the behavior:

    1. Start mitmproxy (i.e. docker container) and set up authentication (i.e. with "username:password")
    # docker run -it -p 8080:8080 -p 8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0
    

    Now set "username:password" in the mitmweb gui for proxy authentication

    2. Using curl with curl -v -x http://proxy:8080 --proxy-anyauth https://upstream -U username:password
    # curl -v -x http://127.0.0.1:8080 --proxy-anyauth https://www.google.de -U username:password
    *   Trying 127.0.0.1:8080...
    * Connected to localhost (127.0.0.1) port 8080 (#0)
    * allocate connect buffer
    * Establish HTTP proxy tunnel to www.google.de:443
    > CONNECT www.google.de:443 HTTP/1.1
    > Host: www.google.de:443
    > User-Agent: curl/7.83.1
    > Proxy-Connection: Keep-Alive
    >
    < HTTP/1.1 407 Proxy Authentication Required
    < Proxy-Authenticate: Basic realm="mitmproxy"
    < content-length: 129
    <
    * Ignore 129 bytes of response-body
    * Establish HTTP proxy tunnel to www.google.de:443
    * Proxy auth using Basic with user 'username'
    > CONNECT www.google.de:443 HTTP/1.1
    > Host: www.google.de:443
    > Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
    > User-Agent: curl/7.83.1
    > Proxy-Connection: Keep-Alive
    >
    * Operation timed out after 1005 milliseconds with 0 bytes received
    * CONNECT phase completed
    * Closing connection 0
    

    it seems that mitmproxy does ignore the 2nd CONNECT after its 407 response

    output of the mitmproxy log:

    [07:19:32.889][172.17.0.1:50652] client connect
    [07:19:33.886][172.17.0.1:50652] client disconnect
    

    When using a squid proxy (i.e with TheBoroer/docker-squid-basic-auth)

    docker run -e SQUID_USERNAME=username -e SQUID_PASSWORD=password -p 8080:3128 boro/squid-basic-auth
    

    I get

    # curl -v -k -x http://localhost:8080 --proxy-anyauth https://www.google.de -U username:password
    *   Trying 127.0.0.1:8080...
    * Connected to localhost (127.0.0.1) port 8080 (#0)
    * allocate connect buffer
    * Establish HTTP proxy tunnel to www.google.de:443
    > CONNECT www.google.de:443 HTTP/1.1
    > Host: www.google.de:443
    > User-Agent: curl/7.83.1
    > Proxy-Connection: Keep-Alive
    >
    < HTTP/1.1 407 Proxy Authentication Required
    < Server: squid/3.5.12
    < Mime-Version: 1.0
    < Date: Wed, 30 Nov 2022 07:49:47 GMT
    < Content-Type: text/html;charset=utf-8
    < Content-Length: 3540
    < X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
    < Vary: Accept-Language
    < Content-Language: en
    < Proxy-Authenticate: Basic realm="Access restricted"
    < X-Cache: MISS from 9b6cf0b978a5
    < X-Cache-Lookup: NONE from 9b6cf0b978a5:3128
    < Via: 1.1 9b6cf0b978a5 (squid/3.5.12)
    < Connection: keep-alive
    <
    * Ignore 3540 bytes of response-body
    * Establish HTTP proxy tunnel to www.google.de:443
    * Proxy auth using Basic with user 'username'
    > CONNECT www.google.de:443 HTTP/1.1
    > Host: www.google.de:443
    > Proxy-Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
    > User-Agent: curl/7.83.1
    > Proxy-Connection: Keep-Alive
    >
    < HTTP/1.1 200 Connection established
    <
    * Proxy replied 200 to CONNECT request
    * CONNECT phase completed
    * schannel: disabled automatic use of client certificate
    * ALPN: offers http/1.1
    * ALPN: server accepted http/1.1
    > GET / HTTP/1.1
    > Host: www.google.de
    > User-Agent: curl/7.83.1
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    ... (google web page output stripped)
    

    System Information

    Mitmproxy: 9.0.1
    Python:    3.11.0
    OpenSSL:   OpenSSL 3.0.7 1 Nov 2022
    Platform:  Linux-5.10.102.1-microsoft-standard-WSL2-x86_64-with-glibc2.31

    kind/bug area/protocols 
    opened by Flow86 1
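
The proxy-authentication exchange in the trace above, replayed as an added Python example (not part of the original issue or of mitmproxy's code): the client sends a bare CONNECT, reads the 407 challenge, and retries with a Basic credential. `stub_proxy` is a constructed stand-in for the Squid container, and every function name here is an assumption of this example.

```python
import base64

def parse_challenges(header_values):
    """Map each offered scheme (lowercased) to its parameter string."""
    offered = {}
    for value in header_values:
        scheme, _, params = value.strip().partition(" ")
        offered[scheme.lower()] = params.strip()
    return offered

def basic_credentials(username, password):
    """Build a Proxy-Authorization value; Basic is base64, not encryption."""
    if ":" in username:
        raise ValueError("Basic auth user-id must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic(header_value):
    """Recover (user, password) from a captured Basic credential."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token, validate=True).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password

def stub_proxy(request_headers):
    """Constructed stand-in for the proxy: 407 until valid credentials arrive."""
    cred = request_headers.get("Proxy-Authorization")
    if cred and decode_basic(cred) == ("username", "password"):
        return 200, {}
    return 407, {"Proxy-Authenticate": ['Basic realm="Access restricted"']}

def connect_via_proxy(target, username, password, proxy=stub_proxy):
    """Replay the two-step CONNECT negotiation; return [(status, sent headers)]."""
    headers = {"Host": target}
    status, resp = proxy(headers)            # first attempt carries no credentials
    history = [(status, dict(headers))]
    if status == 407:
        offered = parse_challenges(resp.get("Proxy-Authenticate", []))
        if "basic" not in offered:
            raise RuntimeError(f"no supported scheme in {sorted(offered)}")
        headers["Proxy-Authorization"] = basic_credentials(username, password)
        status, resp = proxy(headers)        # retry with the credential attached
        history.append((status, dict(headers)))
    return history
```

Because `decode_basic` recovers the password directly from the header, a `Proxy-Authorization: Basic` line in a pasted trace is equivalent to the credentials in cleartext.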
Releases(9.0.1)
Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Nirmal Dahal 10 Oct 15, 2022
Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains. Disc

Pushpender Singh 35 Dec 12, 2022
🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, SMTP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

QeeqBox 259 Dec 31, 2022
A compact version of EDI-Vetter, which uses the TLS output to quickly vet transit signals.

A compact version of EDI-Vetter, which uses the TLS output to quickly vet transit signals. All your favorite hits in a simplified format.

Jon Zink 2 Aug 3, 2022
A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps

boring-flutter A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps. Currently only supporting

Hamza 64 Oct 18, 2022
SSL / TLS Checking Tool written in Python3

ssts-chk SSL / TLS Checking Tool written in Python3. This tool will perform the following functions: Connect the target given Analyze the secure conne

Douglas Berdeaux 2 Feb 12, 2022
wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What's WSVuls? WSVuls is a simple and powerf

Anouar Ben Saad 47 Sep 22, 2022
This tool was created in order to automate some basic OSINT tasks for penetration testing assignments.

This tool was created in order to automate some basic OSINT tasks for penetration testing assignments. The main feature that I haven't seen much anywhere is the download google dork function, where this function first performs basic google dorking to find the target's public documents. These documents will then be downloaded to the attacker's computer and can be used further to identify metadata about the client.

Tobias 5 May 31, 2022
FTP-Exploits is a tool made in python that contains 4 different types of ftp exploits that can be used in Penetration Testing.

FTP-exploits FTP-exploits is a tool which is used for Penetration Testing that can run many kinds of exploits on port 21(FTP) Commands and Exploits Ex

null 1 Dec 26, 2021
A python script to turn Ubuntu Desktop into a one-stop security platform. The InfoSec Fortress installs the packages, tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

James 41 Dec 30, 2022
A python tool capable of creating HUGE wordlists. Has the ability to add custom words for concatenation in any way you see fit.

Codex 9 Oct 5, 2022
An open-source post-exploitation framework for students, researchers and developers.

Questions? Join the Discord support server Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an ope

dvm 8.1k Dec 31, 2022
Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

Open Source Security Foundation (OpenSSF) 221 Jan 1, 2023
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien

null 9.4k Jan 4, 2023
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022
Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is an Instagram brute force tool that uses Tor as its proxy connections, keep in mind that you should not do anything illegal with thi

Liam 3 Jan 28, 2022
A proxy server application written in python for trial purposes

python-proxy-server This is a proxy server ❤️ application written in python ❤️ for trial purposes. The purpose of the application; Connecting to Hacke

Ali Kasimoglu 2 Dec 27, 2021
A proxy for asyncio.AbstractEventLoop for testing purposes

aioloop-proxy A proxy for asyncio.AbstractEventLoop for testing purposes. When writing tests for asyncio based code, there are controversial requireme

aio-libs 12 Dec 12, 2022
The self-hostable proxy tunnel

TTUN Server The self-hostable proxy tunnel. Running Running: docker run -e TUNNEL_DOMAIN=<Your tunnel domain> -e SECURE=<True if using SSL> ghcr.io/to

Tom van der Lee 2 Jan 11, 2022