mitmproxy

Note

We strongly encourage you to use Inline Scripts rather than mitmproxy.
  • Inline Scripts are equally powerful and provide an easier syntax.
  • Most examples are written as inline scripts.
  • Multiple inline scripts can be used together.
  • Inline Scripts can either be executed headless with mitmdump or within the mitmproxy UI.

All of mitmproxy’s basic functionality is exposed through the mitmproxy library. The example below shows a simple implementation of the “sticky cookie” functionality included in the interactive mitmproxy program. Traffic is monitored for Cookie and Set-Cookie headers, and requests are rewritten to include a previously seen cookie if they don’t already have one. In effect, this lets you log in to a site using your browser, and then make subsequent requests using a tool like curl, which will then seem to be part of the authenticated session.

examples/stickycookies
#!/usr/bin/env python
"""
This example builds on mitmproxy's base proxying infrastructure to
implement functionality similar to the "sticky cookies" option.

Heads Up: In the majority of cases, you want to use inline scripts.
"""
import os
from mitmproxy import controller, proxy
from mitmproxy.proxy.server import ProxyServer


class StickyMaster(controller.Master):
    def __init__(self, server):
        controller.Master.__init__(self, server)
        self.stickyhosts = {}

    def run(self):
        try:
            return controller.Master.run(self)
        except KeyboardInterrupt:
            self.shutdown()

    def handle_request(self, flow):
        hid = (flow.request.host, flow.request.port)
        if "cookie" in flow.request.headers:
            self.stickyhosts[hid] = flow.request.headers.get_all("cookie")
        elif hid in self.stickyhosts:
            flow.request.headers.set_all("cookie", self.stickyhosts[hid])
        flow.reply()

    def handle_response(self, flow):
        hid = (flow.request.host, flow.request.port)
        if "set-cookie" in flow.response.headers:
            self.stickyhosts[hid] = flow.response.headers.get_all("set-cookie")
        flow.reply()


config = proxy.ProxyConfig(port=8080)
server = ProxyServer(config)
m = StickyMaster(server)
m.run()