fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic

fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might point to malware, phishing, or other threats.

fiddleitm features

“I created fiddleitm because I needed a replacement for a similar project I ran for years using Fiddler. It needed to be cross platform compatible and highly extensible. This is a web proxy and debugging tool by a security researcher, for security researchers,” Jérôme Segura, the creator of the tool, told Help Net Security.

One of its main features is its rule system. fiddleitm uses a set of rules, some from a GitHub repository and others from a local file called localrules.json. These rules tell it what to look for. If it spots something, it alerts you in the mitmproxy console. It can also write those alerts to a log file called rules.log, which you can review later.

You can tweak some of the request headers too, such as User-Agent, Referer, and Accept-Language, if you want to test how different settings affect the traffic. There is also a “traffic lite” mode that filters out common image and video files. This helps cut down on noise and makes it easier to focus on what matters.

fiddleitm can check for updates and install them from GitHub with a command. If you update your rules or want to check traffic again, you can reload and recheck without restarting everything.

“I think what makes it unique is the combination of traffic capture and classification of web threats in a friendly user interface, via community-based rules. It also has specific use cases related to analyzing and replaying malicious web traffic,” Segura explained.

Future plans and download

“While the core features have already been released, I would like to improve the user experience and create automated tasks via APIs, to make this a robust all-in-one tool. I’m also eager to share ideas with the development team for mitmproxy, possibly adding some of those features natively,” Segura concluded.

fiddleitm is available for free on GitHub.

Must read:

• GitHub CISO on security strategy and collaborating with the open-source community
• Don’t let these open-source cybersecurity tools slip under your radar
• 33 open-source cybersecurity solutions you didn’t know you needed

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!