MITMProxy is a tool I reach for when I need to know what requests and responses something is making.
I was introduced to it when tracing bugs between a docker client and non-api conforming docker registry. But since then I find myself reaching for it whenever I want to see the https requests something I am running is making. It's a bit of a pain to the CA, so I thought I would document the steps, including how to man in the middle requests of a docker container you are running.
I know some people reach for Wireshark to look at network requests, but I've never really mastered Wireshark. mitmproxy has a very intuitive UI and is excellant if you just interested in http and https requests.
It quite a few features on top of the core MITM functionality, like automated setup for a bunch of use cases like browsers & Android interception (not Docker, yet, but it's coming!). If you're an avid mitmproxy user I'd love to know what you think.
Sort of: it generates a certificate, and you _can_ add it to the keychain just like mitmproxy etc, but by default it avoids doing that, because you don't need to globally trust the CA cert for most use cases, and avoiding doing so if you can is nice for security (more details: https://httptoolkit.tech/blog/debugging-https-without-global...).
Instead, it injects the certificate & proxy settings manually into intercepted targets as it launches them. So you can intercept a single Chrome window or all processes launched from a single terminal window without affecting any of the rest of your system.
5 comments
[ 2.1 ms ] story [ 27.0 ms ] threadMITMProxy is a tool I reach for when I need to know what requests and responses something is making.
I was introduced to it when tracing bugs between a docker client and non-api conforming docker registry. But since then I find myself reaching for it whenever I want to see the https requests something I am running is making. It's a bit of a pain to the CA, so I thought I would document the steps, including how to man in the middle requests of a docker container you are running.
I know some people reach for Wireshark to look at network requests, but I've never really mastered Wireshark. mitmproxy has a very intuitive UI and is excellant if you just interested in http and https requests.
It quite a few features on top of the core MITM functionality, like automated setup for a bunch of use cases like browsers & Android interception (not Docker, yet, but it's coming!). If you're an avid mitmproxy user I'd love to know what you think.
The docker use-case is tricky, as images are immutable so you have to basically create a new image with the cert in place.
Instead, it injects the certificate & proxy settings manually into intercepted targets as it launches them. So you can intercept a single Chrome window or all processes launched from a single terminal window without affecting any of the rest of your system.