HTTP/HTTPS proxy for debugging, testing & modifying traffic
Security
# Install
pip install mitmproxy
brew install mitmproxy
# Three interfaces
mitmproxy # TUI (terminal UI)
mitmweb # Web UI (browser)
mitmdump # CLI (scriptable)
# Start
mitmproxy -p 8080 # custom port
mitmproxy --mode reverse:http://localhost:3000
mitmweb --listen-port 8080
# Set system/browser proxy to localhost:8080
# Install mitmproxy CA cert: http://mitm.it
# In mitmproxy TUI
? help
q quit / back
Enter view flow details
Tab switch tabs (Request/Response/Detail)
z clear flows
d delete flow
r replay request
e edit flow
f set filter
i set intercept filter
w save flows
L load flows
/ search
# Filter expressions
~d example.com # domain
~u /api/ # URL path contains
~m POST # method
~c 200 # status code
~c 404 | ~c 403 # 4xx errors: ~c takes an exact code, so OR the ones you need
~t json # content-type contains
~b "error" # body contains
~h "auth" # header contains
~q # requests with no response yet
~s # flows that have a response
# Combine
~d api.com & ~m POST
~d api.com | ~d cdn.com
!~d google.com # NOT
# CLI filter
mitmdump "~d api.com & ~m GET" # filter is a positional argument
# Set intercept filter: press i
# Example: intercept all POST requests
~m POST
# Intercepted flows are orange
# Press Enter → Tab to edit request/response
# Press a to resume (accept)
# Press A to accept all
# Modify and replay
1. Select flow
2. Press e → edit (choose part to edit)
3. Make changes
4. Press r to replay
# Kill intercepted flow
press X (drops the request)
# Python addon script
# save as addon.py
from mitmproxy import http


def request(flow: http.HTTPFlow):
    # Add header to all requests
    flow.request.headers["X-Custom"] = "injected"


def response(flow: http.HTTPFlow):
    # Modify response
    if "api.com" in flow.request.pretty_host:
        flow.response.headers["X-Proxied"] = "true"
# Run with script
mitmdump -s addon.py
mitmproxy -s addon.py
# Install CA certificate
# Start mitmproxy, visit http://mitm.it
# Download cert for your OS
# macOS
1. Download .pem from http://mitm.it
2. Open Keychain Access → import cert
3. Mark as "Always Trust"
# Certificate files location
~/.mitmproxy/mitmproxy-ca-cert.pem # CA cert
~/.mitmproxy/mitmproxy-ca.pem # CA cert + private key (keep private)
# Save flows
mitmdump -w output.flow # save all
mitmdump -w output.flow "~d api.com" # save only matching flows
# Load flows
mitmproxy -r output.flow
# Export as other formats (in TUI: press x)
# curl command
# HTTPie command
# raw HTTP
# HAR export
mitmdump -s har_dump.py --set hardump=./dump.har # addon script
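
Saved flow files and HAR exports keep Authorization headers, cookies and tokens verbatim. The addon below is an added example (not part of the original cheat sheet or the mitmproxy project): it uses the same hook style as addon.py to write a JSON-lines log with those values masked, without modifying the proxied traffic. The header list, parameter names and the flows_redacted.jsonl path are assumptions.

```python
# redact_log.py (added example). Run with: mitmdump -s redact_log.py
# Writes one JSON line per flow with credential-bearing values masked.
# The flow itself is never modified, so proxied traffic is unchanged.
import json
import re
from types import SimpleNamespace

# Assumed lists; extend for the application under test.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key"}
SENSITIVE_PARAMS = re.compile(
    r"(?i)([?&](?:token|access_token|api_key|password)=)[^&#]*")
LOG_PATH = "flows_redacted.jsonl"  # hypothetical output file


def mask_headers(headers):
    """Return a plain-dict copy of headers with sensitive values masked."""
    return {name: "[REDACTED]" if name.lower() in SENSITIVE_HEADERS else value
            for name, value in headers.items()}


def mask_url(url):
    """Mask the values of credential-like query parameters."""
    return SENSITIVE_PARAMS.sub(r"\1[REDACTED]", url)


def summarize(flow):
    """Build a log record from a flow without mutating it."""
    record = {"method": flow.request.method,
              "url": mask_url(flow.request.pretty_url),
              "request_headers": mask_headers(flow.request.headers),
              "status": None, "response_headers": {}}
    if flow.response is not None:
        record["status"] = flow.response.status_code
        record["response_headers"] = mask_headers(flow.response.headers)
    return record


def response(flow):
    """mitmproxy hook: runs once the full response has been read."""
    with open(LOG_PATH, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(summarize(flow)) + "\n")


if __name__ == "__main__":
    # Constructed stand-in for a flow, so the masking can be checked offline.
    req = SimpleNamespace(method="GET", headers={"Cookie": "sid=abc"},
                          pretty_url="https://api.com/v1?token=abc&page=2")
    print(json.dumps(summarize(SimpleNamespace(request=req, response=None))))
```

Only flows that received a response are logged, since the record is written from the response hook.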