aboutsummaryrefslogtreecommitdiffstats
path: root/web/src/js/components/Header
Commit message (Expand)AuthorAgeFilesLines
* fixed bug (#1342)Clemens Brunner2016-07-121-2/+2
* [web] (mostly) remove jQueryMaximilian Hils2016-06-261-4/+5
* minor fixesMaximilian Hils2016-06-264-27/+27
* [web] fix actionsJason2016-06-254-16/+37
* [web] fix selectFlowsJason2016-06-251-1/+1
* [web] bug fixJason2016-06-241-4/+4
* [web] fix flows data flowJason2016-06-241-1/+1
* [web] fix data connectionJason2016-06-231-1/+1
* [web] connect new ducks actionsJason2016-06-231-2/+2
* added accept and revert to flowmenuClemens2016-06-201-4/+6
* [web] replace SetttingsActions.update with settings.updateSettingsJason2016-06-192-31/+41
* add setInterceptPattern action creatorMaximilian Hils2016-06-171-3/+8
* [web] commonJason2016-06-173-7/+8
* web: use implicit bindActionCreatorsMaximilian Hils2016-06-151-3/+2
* added flowMenuClemens2016-06-141-0/+32
* [web] header.js -> Header.jsJason2016-06-096-0/+455
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-07 04:40:18 +0000
/a> 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 
How mitmproxy works
===================

Mitmproxy is an enormously flexible tool. Knowing exactly how the proxying
process works will help you deploy it creatively, and take into account its
fundamental assumptions and how to work around them. This document explains
mitmproxy's proxy mechanism in detail, starting with the simplest unencrypted
explicit proxying, and working up to the most complicated interaction -
transparent proxying of SSL-protected traffic [#ssl]_ in the presence of `Server Name Indication`_.

Explicit HTTP
-------------

Configuring the client to use mitmproxy as an explicit proxy is the simplest
and most reliable way to intercept traffic. The proxy protocol is codified in the
`HTTP RFC`_, so the behaviour of both
the client and the server is well defined, and usually reliable. In the
simplest possible interaction with mitmproxy, a client connects directly to the
proxy, and makes a request that looks like this:

.. code-block:: none

    GET http://example.com/index.html HTTP/1.1

This is a proxy GET request - an extended form of the vanilla HTTP GET request
that includes a schema and host specification, and it includes all the
information mitmproxy needs to proceed.

.. image:: schematics/how-mitmproxy-works-explicit.png
    :align: center

1. The client connects to the proxy and makes a request.
2. Mitmproxy connects to the upstream server and simply forwards the request on.


Explicit HTTPS
--------------

The process for an explicitly proxied HTTPS connection is quite different. The
client connects to the proxy and makes a request that looks like this:

.. code-block:: none

    CONNECT example.com:443 HTTP/1.1

A conventional proxy can neither view nor manipulate an SSL-encrypted data
stream, so a CONNECT request simply asks the proxy to open a pipe between the
client and server. The proxy here is just a facilitator - it blindly forwards
data in both directions without knowing anything about the contents. The
negotiation of the SSL connection happens over this pipe, and the subsequent
flow of requests and responses are completely opaque to the proxy.

The MITM in mitmproxy
^^^^^^^^^^^^^^^^^^^^^

This is where mitmproxy's fundamental trick comes into play. The MITM in its
name stands for Man-In-The-Middle - a reference to the process we use to