mitmproxy — The Interactive HTTPS Proxy for Debugging and Reverse Engineering
mitmproxy is a free, open-source interactive HTTP/HTTPS/HTTP2/WebSocket proxy for developers, researchers, and security professionals. Inspect, modify, and replay traffic on the fly — from the terminal, a web UI, or Python scripts.
What it is
mitmproxy is a free, open-source interactive HTTP/HTTPS/HTTP2/WebSocket proxy. It sits between your device and the internet, decrypts HTTPS traffic (after CA certificate installation), and displays every request and response. You can inspect, modify, and replay traffic on the fly.
mitmproxy serves three audiences: mobile developers inspecting app traffic, QA teams simulating broken or slow networks, and security researchers reverse-engineering protocols. It ships with three interfaces: a terminal TUI (mitmproxy), a web dashboard (mitmweb), and a headless capture tool (mitmdump).
How it saves time or tokens
Without a proxy, debugging API calls requires adding logging to application code, rebuilding, and redeploying. mitmproxy lets you see real traffic instantly without code changes. The Python scripting API means you can write custom interceptors -- blocking certain requests, injecting headers, or modifying response bodies -- in a few lines. For AI development workflows, this is particularly useful when debugging LLM API calls to see exact token usage and response timing.
How to use
- Install mitmproxy: brew install mitmproxy (macOS) or pip install mitmproxy.
- Launch the proxy: run mitmproxy for the terminal UI, mitmweb for the browser UI, or mitmdump -w traffic.mitm for headless capture.
- Configure your device or browser to use 127.0.0.1:8080 as its HTTP proxy.
- Install the CA certificate by visiting http://mitm.it while the proxy is running.
Example
# custom_script.py -- log all API calls to OpenAI
from mitmproxy import http

def response(flow: http.HTTPFlow):
    # Called once per completed response; pretty_host is the host the client requested
    if 'api.openai.com' in flow.request.pretty_host:
        print(f'[OpenAI] {flow.request.method} {flow.request.path}')
        print(f'  Status: {flow.response.status_code}')
        print(f'  Size: {len(flow.response.content)} bytes')

# Run with the script
mitmdump -s custom_script.py
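The script above only logs method, path and size. The token-usage and response-timing use case mentioned earlier needs the JSON body and the flow timestamps, so here is an added addon (written for this page, not code from the mitmproxy project) that parses the "usage" object of a chat-completions response, computes latency from mitmproxy's request/response timestamps, and deliberately never logs the Authorization header. The host set, the constructed sample body and the helper names are assumptions; the mitmproxy import is guarded so the pure helper can be run and tested without mitmproxy installed.

```python
# llm_usage.py -- added example addon (not from the mitmproxy project): report
# token usage and latency for OpenAI-style chat completions, never the API key.
import json

try:
    from mitmproxy import http  # only needed when running under mitmdump
except ImportError:  # keeps the pure helper importable without mitmproxy
    http = None

WATCHED_HOSTS = {"api.openai.com"}  # exact host match, not a substring test

# Constructed sample body in the shape of a chat-completions response.
SAMPLE_BODY = (b'{"model":"gpt-4o-mini","usage":{"prompt_tokens":12,'
               b'"completion_tokens":30,"total_tokens":42}}')

def summarize_completion(status: int, body: bytes, started: float,
                         finished: "float | None") -> dict:
    """Usage counters and latency for one response; counters stay None for
    streaming (SSE) or non-JSON bodies, latency stays None if never finished."""
    summary = {"status": status, "model": None, "prompt_tokens": None,
               "completion_tokens": None, "total_tokens": None,
               "latency_ms": None}
    if finished is not None:
        summary["latency_ms"] = round((finished - started) * 1000, 1)
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return summary
    usage = data.get("usage") if isinstance(data, dict) else None
    if isinstance(usage, dict):
        summary["model"] = data.get("model")
        for key in ("prompt_tokens", "completion_tokens", "total_tokens"):
            summary[key] = usage.get(key)
    return summary

def response(flow: "http.HTTPFlow") -> None:
    """mitmproxy hook, called once per completed response."""
    if flow.request.pretty_host not in WATCHED_HOSTS or flow.response is None:
        return
    s = summarize_completion(flow.response.status_code, flow.response.content,
                             flow.request.timestamp_start,
                             flow.response.timestamp_end)
    # Log the path and counters only; the Authorization header is never printed.
    print(f"[LLM] {flow.request.method} {flow.request.path} status={s['status']} "
          f"model={s['model']} tokens={s['total_tokens']} ms={s['latency_ms']}")

if __name__ == "__main__":  # offline check on the constructed sample
    print(summarize_completion(200, SAMPLE_BODY, 100.0, 100.25))
```

Run it under the proxy with mitmdump -s llm_usage.py; streamed responses show up with empty counters because their body is a series of SSE events rather than one JSON object.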
Common pitfalls
- HTTPS interception requires installing mitmproxy's CA certificate on the client device. Without it, you only see encrypted traffic. Certificate-pinned apps will reject the proxy entirely.
- Some applications detect proxy usage and refuse connections. Mobile apps with certificate pinning need additional tools like Frida to bypass.
- Running mitmproxy on a shared network without consent is illegal in most jurisdictions. Use it only on traffic you own or have permission to inspect.
Frequently asked questions
Is mitmproxy free to use?
Yes. mitmproxy is free and open-source under the MIT license. There are no paid tiers or premium features. The full functionality, including the terminal UI, web UI, Python scripting, and all protocol support, is included.
Can mitmproxy decrypt HTTPS traffic?
Yes, after you install its CA certificate on the client device. mitmproxy generates certificates on the fly, signed by its CA, to decrypt and re-encrypt HTTPS traffic. Visit http://mitm.it while the proxy is running to install the certificate.
What is the difference between mitmproxy, mitmweb, and mitmdump?
mitmproxy is the terminal-based interactive UI. mitmweb provides a browser-based web interface. mitmdump is a headless tool for scripted capture and replay. All three share the same proxy engine and support the same Python scripting API.
Can I use mitmproxy with mobile apps?
Yes. Configure the mobile device to use your computer as its HTTP proxy, install the mitmproxy CA certificate on the device, and all HTTP/HTTPS traffic flows through mitmproxy for inspection. This works for both iOS and Android.
Does mitmproxy support WebSocket traffic?
Yes. mitmproxy can intercept, display, and modify WebSocket messages. Both the terminal UI and web UI show WebSocket frames alongside HTTP traffic in the same session.
Sources (3)
- mitmproxy GitHub — mitmproxy is a free interactive HTTPS proxy with terminal UI, web UI, and Python…
- mitmproxy Documentation — mitmproxy supports HTTP/HTTPS/HTTP2/WebSocket interception
- mitmproxy Concepts — CA certificate installation via mitm.it for HTTPS decryption