MITM Proxy Lets You Look behind the Scenes

These days, when the use of many devices and countless apps is an everyday thing, how many computer users know what goes on in the background? How exactly are those apps operating? What information are they collecting on your devices? Where are they sending this information? If you’re a developer, can you be certain that the apps you’re building will be compliant? It’s vital to understand how all these factors work. A type of proxy called mitmproxy offers a great way to find out.

What is mitmproxy?

“Mitmproxy” is short for “Man-In-The-Middle proxy.” Essentially, it’s a piece of software you run on a device that operates between a client and a server. Mitmproxy is an interactive tool capable of tracking all of your requests as well as the server responses. This allows you to inspect, intercept, and modify these responses however you see fit.

Getting started

For installation, you can use:

  • Homebrew on macOS
  • Windows Subsystem for Linux (WSL) for Windows
  • Standalone binaries, available for download, on Linux

After completing installation, you can launch any of three front-end interfaces from the command line: mitmproxy (command line), mitmdump (Python API), or mitmweb (web interface). These front ends all use the same core proxy.

Then you’ll need to configure your browser or device to route all traffic through mitmproxy as an HTTP proxy. These configurations may differ for different browsers, but they should be easy to find on the Internet. After setup, you can head over to https://mitmproxy.org to check that everything is working as it should. Among other resources, the site links to a blog, release notes, publications, and forums such as GitHub.

Features

Mitmproxy is a free, open-source tool capable of intercepting, inspecting, modifying, and replaying traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. With mitmproxy, complete HTTP conversations can be saved and the client side of these conversations can be replayed. Also, you can intercept HTTP and HTTPS requests and responses for quick and easy modification. For macOS and Linux users, a transparent proxy mode is available. Using Python, you can make scripted changes to HTTP traffic. Note that users must authenticate their addresses before they can use the proxy.

Plenty of other features are available. You can view them here.

How it works

Like all proxy servers, mitmproxy places itself between the end-user device and the Internet. Apps send information to mitmproxy, which then forwards it to the Internet, which in turn sends a response to establish a connection. End-user devices will make data requests to routers, which forward the requests to the appropriate servers. A mitmproxy CA certificate is installed on the device. Because the device trusts that certificate, mitmproxy can decrypt SSL-encrypted or HTTPS traffic, resulting in unencrypted information that’s relatively easy for the user to understand. And that’s how you get intel about what apps are plucking from your device behind the scenes.
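
As an added example (not code from the original post or from the mitmproxy project), here is a small addon script for mitmdump that tallies which hosts the proxied device talks to and flags requests carrying an email address or a device identifier. The file name, class name, watch patterns and the fake_flow/demo helpers are assumptions made for illustration.

```python
# Load with: mitmdump -s egress_audit.py  (file and class names are assumptions)
import re
from collections import defaultdict
from types import SimpleNamespace
from urllib.parse import unquote

# Constructed patterns for data a user may not expect an app to send.
WATCH = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "device_id": re.compile(r"(?i)\b(?:idfa|gaid|android_id|device_id)=[\w-]+"),
}

class EgressAudit:
    def __init__(self):
        self.hosts = defaultdict(lambda: {"requests": 0, "bytes_out": 0, "hits": set()})

    def request(self, flow):
        # Hook that mitmproxy calls for each client request it has decrypted.
        req = flow.request
        entry = self.hosts[req.pretty_host]
        entry["requests"] += 1
        entry["bytes_out"] += len(req.raw_content or b"")
        # Search the URL-decoded path/query and the body text together.
        haystack = unquote(req.path) + "\n" + (req.get_text(strict=False) or "")
        entry["hits"].update(k for k, p in WATCH.items() if p.search(haystack))

    def report(self):
        rows = sorted(self.hosts.items(), key=lambda kv: -kv[1]["bytes_out"])
        return [(h, e["requests"], e["bytes_out"], sorted(e["hits"])) for h, e in rows]

    def done(self):
        # Shutdown hook: print the summary when the proxy exits.
        for row in self.report():
            print("%-28s requests=%d bytes_out=%d flagged=%s" % row)

addons = [EgressAudit()]  # module-level list that mitmproxy loads addons from

def fake_flow(host, path, body=b""):
    # Constructed stand-in for a mitmproxy flow, so the logic runs offline.
    req = SimpleNamespace(pretty_host=host, path=path, raw_content=body,
                          get_text=lambda strict=True: body.decode("utf-8", "replace"))
    return SimpleNamespace(request=req)

def demo():
    audit = EgressAudit()  # the *.example.test hosts below are constructed placeholders
    audit.request(fake_flow("api.example.test", "/v1/items"))
    audit.request(fake_flow("ads.example.test", "/t?device_id=abc-123&u=jo%40example.test"))
    audit.request(fake_flow("ads.example.test", "/batch", b'{"events": 3}'))
    return audit.report()
```

The report lists the host that received the most uploaded bytes first, which is usually the quickest way to spot an app sending more than expected.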

Keeping informed

You can’t overestimate the importance of knowing what is taking place on your devices behind the scenes. Who has access to your information, and what kinds of information? You need to keep track. For example, a look at normally hidden information may cause you to rethink your security protocols. You may be able to enhance your online security even further, reducing the risk of compromise. And, since the software is free, there’s just about no downside to testing it out.
