I am trying to set up mitmproxy so that I can make a request from my browser to https://{my-domain} and have it return a response from my local server running at http://localhost:3000 instead, but I cannot get the https request to reach my local server. I see the debugging statements from mitmproxy. Also, I can get it working for http traffic, but not for https.
I read the mitmproxy addon docs and API docs. I've installed the cert and I can monitor https through the proxy.
I'm using Mitmproxy: 4.0.4 and Python: 3.7.4
This is my addon (local-redirect.py) and how I run mitmproxy:

    from mitmproxy import ctx
    import mitmproxy.http


    class LocalRedirect:

        def __init__(self):
            print('Loaded redirect addon')

        def request(self, flow: mitmproxy.http.HTTPFlow):
            # Rewrite matching requests so they go to the local server over plain HTTP.
            if 'my-actual-domain-here' in flow.request.pretty_host:
                ctx.log.info("pretty host is: %s" % flow.request.pretty_host)
                flow.request.host = "localhost"
                flow.request.port = 3000
                flow.request.scheme = 'http'


    addons = [
        LocalRedirect()
    ]

    $ mitmdump -s local-redirect.py | grep pretty

When I visit the url from my server, I see the logging statement, but my browser hangs on the request and there is no request made to my local server.
To start up mitmproxy, type mitmproxy, and it will start up bound to port 8080. The command-line interface (CLI) has VIM-like keybindings. q will quit, and arrow keys or h, j, k, l will move you up and down through the request list. ? will load the help, and <enter> will drill in on a specific request.
By default, mitmproxy listens on port 8080. Quick Check: You should already be able to visit an unencrypted HTTP site through the proxy.
mitmproxy is a free and open source interactive HTTPS proxy. mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols.
Mitmproxy connects to the server, and establishes a TLS connection using the SNI hostname indicated by the client. The server responds with the matching certificate, which contains the CN and SAN values needed to generate the interception certificate.
The above addon was fine, however my local server did not support HTTP2.
Using the --no-http2 option was a quick fix:

    mitmproxy -s local-redirect.py --no-http2 --view-filter localhost

or

    mitmdump -s local-redirect.py --no-http2 localhost
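
To check for the condition the answer describes (a local server that does not speak HTTP/2), the following added example, which is not part of the original post or of mitmproxy, sends the HTTP/2 client preface over plain TCP and classifies the reply. The function names and the localhost:3000 default are assumptions based on the question's setup.

```python
import socket

# HTTP/2 client connection preface (RFC 9113, section 3.4).
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
# Empty SETTINGS frame: length=0, type=0x4, flags=0, stream id=0.
EMPTY_SETTINGS = b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sends back after the h2 preface."""
    if data.startswith(b"HTTP/1."):
        # The server parsed "PRI * HTTP/2.0" as an HTTP/1 request line.
        return "http1-only"
    # An HTTP/2 server answers with a SETTINGS frame (type 0x4) on stream 0.
    if len(data) >= 9 and data[3] == 0x04 and data[5:9] == b"\x00\x00\x00\x00":
        return "http2"
    # Connection closed, timed out, or an unrecognised reply.
    return "unknown"


def probe_cleartext_h2(host: str = "localhost", port: int = 3000,
                       timeout: float = 2.0) -> str:
    """Send the prior-knowledge HTTP/2 preface over plain TCP and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(H2_PREFACE + EMPTY_SETTINGS)
            data = sock.recv(64)
    except OSError:  # refused, reset, or timed out
        return "unknown"
    return classify_reply(data)


if __name__ == "__main__":
    print(probe_cleartext_h2())
```

A result of "http1-only" from the redirect target is consistent with the situation in the answer, where disabling HTTP/2 in the proxy was the quick fix.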