Intercept, inspect and modify traffic flow with mitmproxy

mitmproxy is an interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. All flows are kept in memory, which means that it’s intended for taking and manipulating small-ish samples.

mitmproxy

This week, the developers released mitmproxy 0.16, which includes a brand new HTTP/2 implementation built on top of hyper-h2. HTTP/2 requests now blend into the mitmproxy UI just like regular HTTP 1 requests, making mitmproxy the first interactive HTTPS proxy with HTTP/2 support. All HTTP/2 features from RFC7540 are supported – including PUSH_PROMISE, RST_STREAM, and as many concurrent streams as you want.

“Integrating HTTP2 was a big task, because the protocol is quite different in its basic characteristics from plain old HTTP, and we still had some parts of our codebase that assumed a challenge/response pattern for traffic. Now that the protocol implementation is solid and the user interface to deal with the traffic is working, we’ll continue to improve things over the coming months,” Aldo Cortesi, Lead Developer of mitmproxy told Help Net Security.

Google Summer of Code

The HTTP/2 implementation was done by Thomas Kriechbaumer who came on board as a Google Summer of Code (GSoC) Student last year.

“GSoC is incredibly valuable, because it gives a student the time and motivation to really get familiar with a project and to forge relationships with their open source colleagues. Interestingly, Maximilian Hils, who has grown to co-lead the project with me, also started working on mitmproxy as a GSoC student some years ago. It’s fair to say that GSoC has given mitmproxy two of its most skilled ongoing contributors, and I couldn’t possibly ask for a better result than that,” Cortesi added.

Changes in mitmproxy 0.16

  • Completely revised HTTP2 implementation based on hyper-h2
  • Export flows as cURL command, Python code or raw HTTP
  • Fixed compatibility with the Android Emulator
  • Script Reloader: Inline scripts are reloaded automatically if modified
  • Inline script hooks for TCP mode
  • Add default ciphers to support iOS9 App Transport Security
  • Basic Authentication for mitmweb
  • Exempt connections from interception based on TLS Server Name Indication
  • Provide Python Wheels for faster installation
  • Numerous bugfixes and minor improvements