mitmproxy
Table of contents
Intro
This is a pretty decent proxy that works completely from the command line. Might be able to use it to replace Burp.
Some cool features:
- Runs from the command line completely
- Scriptable (https://docs.mitmproxy.org/stable/addons-commands/)
- Configurable keyboard shortcuts
Running
- Proxy requests to Burp
mitmproxy -p 8081 --mode upstream:"http://localhost:8080" -k
mitmproxy will listen on port 8081 and Burp should be listening on port 8080.
- Run standalone
mitmproxy -p 8081
The certificate for mitmproxy can be found on ~/.mitmproxy/. Just import it on Firefox or wherever as you normally would.
Keyboard shortcuts
You can configure your own shortcuts by editing ~/.mitmproxy/keys.yaml. Here is an example of what I use:
-
# Go to the next flow (request)
key: ctrl n
cmd: view.focus.next
help: Go to the next flow
-
# Go to the previous flow (request)
key: ctrl p
cmd: view.focus.prev
help: Go to the previous flow
Note: The lines starting with - are important. They specify a list in YAML syntax.
Common shortcuts
Global shortcuts
These can be executed on any context on the application:
shift c- View all supported commandsshift e- View the event logshift k- View key bindings?- View help
Flow shortcuts
v- Allows viewing the flow body in an external editorq- Goes back to the list of flows
Filtering
It is possible to filter the flows that will be displayed in the main window. For this press f and then type the type of filter to be applied as described here: https://docs.mitmproxy.org/stable/concepts-filters/
Addons
Loop through all flows
The View class is a sequence (like a list) that contains all the flows. One can then loop through all the flows with a code like this:
import mitmproxy
from mitmproxy import ctx, addonmanager, command
import typing
class RequestParser:
def __init__(self):
self.master = ctx.master
self.view = self.master.view
def load(self, entry: addonmanager.Loader):
f: HTTPFlow
for f in self.view:
ctx.log.info(f)
addons = [
RequestParser()
]