A Man-in-the-Middle Proxy "mitmproxy"

In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, where in actuality the attacker has inserted themselves between the two user parties.

Alternatively, we could also use the MITM technology to control the data stream over the network. The mitmproxy is a great tool for this purpose. It looks like a swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify, and replay web traffic such as HTTP/1, HTTP/2, HTTP/3, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of message types ranging from HTML to Protobuf, intercept specific messages on the fly, modify them before they reach their destination, and replay them to a client or server later on.

Scenarios

The mitmproxy supports several kinds of proxy modes, including transparent proxy, reverse proxy, and upstream proxy. It can be used as a command-line tool, Python library, or web interface. It is also extensible and can be scripted in Python.

• regular: The default mode. Configure your client(s) to use an HTTP(S) proxy.
• local capture: Capture applications on the same device.
• wireguard: Capture external devices or individual Android apps.
• reverse: Put mitmproxy in front of a server.
• transparent: Capture traffic with custom network routes.
• tun interface: Create a virtual network device to capture traffic.
• upstream: Chain two HTTP(S) proxies.
• socks: Run a SOCKS5 proxy server.
• dns: Run a scriptable DNS server.

Security

To trust CA certificates, you need to install the mitmproxy CA certificate on your device. This is necessary for HTTPS interception. The CA certificate is used to sign the certificates that mitmproxy generates for each intercepted HTTPS connection. By installing the CA certificate, you tell your device to trust these generated certificates, allowing mitmpr https://docs.mitmproxy.org/stable/concepts-certificates/

e.g. to enable a Java Application running on MacOS

(root)# security add-trusted-cert -d -p ssl -p basic -k /Library/Keychains/System.keychain ~/.mitmproxy/mitmproxy-ca-cert.pem
(root)# keytool -importcert -alias mitmproxy -storepass changeit -keystore $JAVA_HOME/lib/security/cacerts -trustcacerts -file ~/.mitmproxy/mitmproxy-ca-cert.pem