MITMProxy 11 has been released, a toolkit for intercepting traffic inside HTTPS connections that allows the traffic to be inspected, modified, and replayed. The main purpose of MITMProxy is to support traffic monitoring in corporate systems and to diagnose problems, such as identifying hidden network activity of applications. The project's source code is written in Python and distributed under the MIT license.
To analyze HTTPS traffic, MITMProxy is deployed on a transit node, where it intercepts client requests and relays them to the target server as its own requests. During a client session, MITMProxy establishes a standard HTTPS connection with the target server and, toward the client, sets up a substitute connection that presents a dynamically generated fake SSL certificate. Traffic received from the client is forwarded to the target server, and responses are relayed back to the client.
Traffic can be redirected through MITMProxy in several ways: by configuring the MITMProxy address as an HTTP proxy in browser settings, by using it as a SOCKS5 proxy, by configuring it as a reverse proxy in front of an HTTP server, or by setting up transparent forwarding with packet filter rules or routing. To prevent browser security warnings about the substitute certificate, it is recommended to manually install MITMProxy's root certificate on the user's system by opening the host mitm.it in the browser.
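Because the client receives a certificate generated by the proxy rather than the server's own, the issuer name of the certificate is the simplest way to confirm which path a connection took. The sketch below is an added example, not code from MITMProxy; the CA name in PROXY_CA_NAMES and both sample certificates are constructed placeholders.

```python
import socket
import ssl

# Hypothetical name: replace with the subject name of your own proxy root certificate.
PROXY_CA_NAMES = {"Example Corp Inspection CA"}

# Constructed samples in the format ssl.SSLSocket.getpeercert() returns.
SAMPLE_INTERCEPTED = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("organizationName", "Example Corp"),),
               (("commonName", "Example Corp Inspection CA"),)),
}
SAMPLE_DIRECT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R1"),)),
}

def issuer_fields(peercert):
    """Flatten the nested RDN tuples of the issuer name into a plain dict."""
    return {key: value for rdn in peercert.get("issuer", ()) for key, value in rdn}

def classify_issuer(peercert, proxy_ca_names=PROXY_CA_NAMES):
    """Return 'proxy' if the leaf was issued by a listed proxy CA, else 'direct'."""
    issuer = issuer_fields(peercert)
    names = {issuer.get("commonName"), issuer.get("organizationName")} - {None}
    return "proxy" if names & set(proxy_ca_names) else "direct"

def probe(host, port=443, timeout=5.0):
    """Handshake against the system trust store and classify the certificate seen.

    This is a direct TCP connection, so it passes through the proxy only when
    traffic is redirected transparently (packet filter rules or routing).
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify_issuer(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        # Chain did not validate, e.g. a substitute certificate whose root is not installed.
        return "untrusted"

if __name__ == "__main__":
    print(classify_issuer(SAMPLE_INTERCEPTED), classify_issuer(SAMPLE_DIRECT))
```

An "untrusted" result from probe() on a host that validates elsewhere corresponds to the browser warning described above: the certificate chain did not validate against the system trust store.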
MITMProxy supports HTTP/2, HTTP/3, and WebSockets, normalizes stream packet processing, allows for the integration of processing scripts to modify traffic on the fly, stores