Often we want to see our network traffic in an organized way. One tool we can use is
tcpdump, but it is a pretty low-level tool, and often HTTP is all we actually care about.
mitmproxy (man in the middle proxy)
I've been using mitmproxy, an excellent Python tool designed for HTTP, and I especially love the command-line ncurses interface. It is designed for man-in-the-middle attacks, but you can also use it as a debugging tool. It is installable with pip, but I just settle for the version that is present in the package manager. With mitmproxy we'll see all the HTTP traffic in a clean and organized way; mitmproxy is MUCH nicer than using squid and the icky configuration that comes along with it.
This example was tested and works on Ubuntu 14.04 and also worked on an Ubuntu 14.04 VM running on VMWare on OS X.
Essentially we will redirect the TCP traffic on ports 80 and 443 that leaves our local machine through mitmproxy; this is called a local transparent proxy.
First we set up some rules for the Linux kernel's netfilter via iptables. I'm going to assume you have another Unix account named mitm_account; yes, two accounts are needed.

$ sudo iptables -t nat -A OUTPUT -p tcp \
      -m owner ! --uid-owner mitm_account \
      --dport 443 -j REDIRECT --to-port 9001
This looks complicated; you can read the iptables man page for all the nitty-gritty details. In short: in the nat table's OUTPUT chain, every locally generated TCP connection to port 443 that is not owned by the user mitm_account is redirected to local port 9001, where mitmproxy will be listening. I will try to get an OS X equivalent as well. We also run this same command again, but with --dport 80, for regular HTTP traffic.
mitm_account is the second Unix account. Its traffic is excluded from the REDIRECT rule by the "! --uid-owner mitm_account" match, so that the connections mitmproxy itself opens to the real servers are not looped straight back into the proxy; that is why two accounts are needed.
Then we'll open another shell, change users to mitm_account, and run:

$ mitmproxy -T -p 9001

This starts mitmproxy in transparent mode (-T) listening on port 9001, and the intercepted flows show up in the ncurses interface. HTTPS clients will complain about certificates unless they trust the CA that mitmproxy generates on first run (~/.mitmproxy/mitmproxy-ca-cert.pem in the home directory of the user running mitmproxy, here mitm_account). Note that newer mitmproxy releases replaced the -T flag with --mode transparent.
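As an added example, not code from the original post or from the mitmproxy project, here is the whole procedure as one POSIX shell script: both REDIRECT rules (ports 80 and 443) are produced from a single template, installed and removed symmetrically, and mitmproxy is launched as the second account. The account name mitm_account and port 9001 are the post's values; the script's subcommand names and the environment-variable overrides are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): manage the transparent-proxy
# redirect rules and start mitmproxy as the second account.
# MITM_USER and PROXY_PORT default to the values used in the post; the
# variable names themselves are an assumption of this script.
MITM_USER="${MITM_USER:-mitm_account}"
PROXY_PORT="${PROXY_PORT:-9001}"

# Print one iptables command for the nat table's OUTPUT chain.
# $1 is the iptables action (-A append, -D delete, -C check), $2 the
# destination port. Connections owned by MITM_USER are excluded so that
# mitmproxy's own upstream connections are not redirected back into it.
redirect_rule() {
    printf 'iptables -t nat %s OUTPUT -p tcp -m owner ! --uid-owner %s --dport %s -j REDIRECT --to-port %s\n' \
        "$1" "$MITM_USER" "$2" "$PROXY_PORT"
}

# Print the commands for both HTTP (80) and HTTPS (443) with the given action.
redirect_rules() {
    for dport in 80 443; do
        redirect_rule "$1" "$dport"
    done
}

# Run the command for each port under sudo; fail on the first one that fails
# (for -C this means "a rule is missing").
apply_rules() {
    for dport in 80 443; do
        eval "sudo $(redirect_rule "$1" "$dport")" || return 1
    done
}

case "${1:-}" in
    show)  redirect_rules -A ;;     # only print the commands
    up)    apply_rules -A ;;        # install both redirects
    down)  apply_rules -D ;;        # remove both redirects
    check) apply_rules -C ;;        # exit non-zero if either rule is absent
    # -H gives mitmproxy the second user's HOME, so its CA lands in that
    # user's ~/.mitmproxy rather than in the invoking user's directory.
    proxy) exec sudo -H -u "$MITM_USER" mitmproxy -T -p "$PROXY_PORT" ;;
    *)     echo "usage: $0 show|up|down|check|proxy" >&2 ;;
esac
```

Run "up" first, then "proxy" in a second terminal, and "down" when you are done. Forgetting "down" matters: once mitmproxy exits, every new HTTP and HTTPS connection from the first account is still redirected to port 9001, where nothing is listening, so all web traffic fails with connection refused until the rules are deleted.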