aboutsummaryrefslogtreecommitdiffstats
path: root/doc-src/mitmproxy.html
blob: ef0b242dafc2147043d346f06752831e75754459 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

__mitmproxy__ is a console tool that allows interactive examination and
modification of HTTP traffic. The _?_ shortcut key shows complete documentation
on __mitmproxy__'s functionality.


## The interface: connection list

<img src="@!urlTo("screenshots/mitmproxy.png")!@"/>


The connection list shows an index of captured flows in chronological order.
So, in this case, we can we can see that we visited __gmail.com__, which then
returned a 301 redirect to mail.google.com.

The statusbar at the bottom tells us that there are 11 flows in the view, that
we are using the "pretty" view mode (more on that below), and that the proxy is
bound to port 8080 of all interfaces.

Also visible is the __Event log__, which can be toggled on and off with the _v_
keyboard shortcut. This displays events like client connection information,
errors, and script output.


## Example: Interception

__mitmproxy__'s interception functionality lets you pause an HTTP request or
response, inspect and modify it, and then accept it to send it on to the server
or client. 


### 1: Set an interception pattern

<img src="@!urlTo('intercept-filt.png')!@"/>

We press _i_ to set an interception pattern. In this case, the __~q__ filter
pattern tells __mitmproxy__ to intercept all requests. For complete filter
syntax, see the [Filter expressions](@!urlTo("filters.html")!@) section of this
document, or the built-in help function in __mitmproxy__.

### 2: Intercepted connections are indicated with a red exclamation mark:

<img src="@!urlTo('intercept-mid.png')!@"/>

### 3: You can now view and modify the request:

<img src="@!urlTo('intercept-options.png')!@"/>

In this case, we viewed the request by selecting it, pressed _e_ for "edit"
and _m_ for "method" to change the HTTP request method.

### 4: Accept the intercept to continue

<img src="@!urlTo('intercept-result.png')!@"/>

Finally, we press _a_ to accept the modified request, which is then sent on to
the server. In this case, we changed the request from an HTTP GET to to
OPTIONS, and Google's server has responded with a 405 "Method not allowed".
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-24 14:14:35 +0000