Tracing HTTPS Requests Using Mitmproxy

Mitmproxy is a powerful tool that allows you to intercept, modify, and inspect network traffic. It’s commonly used for debugging, security testing, and analyzing HTTP/HTTPS traffic. In this article, we’ll explore how to trace HTTPS requests using mitmproxy, both with a regular proxy and a transparent proxy setup.

Prerequisites

Before you start, make sure you have mitmproxy installed. You can install it using pip:

pip install mitmproxy

Regular Proxy Setup

  1. Launch mitmproxy:

    Start mitmproxy by running the following command:

    mitmproxy

  2. Configure Proxy Settings:

    Configure your device or application to use mitmproxy as a regular proxy. The proxy settings should point to 127.0.0.1 (localhost) on port 8080, which is the default port mitmproxy listens on.

  3. Inspect HTTPS Traffic:

    As you use your device or application, mitmproxy will intercept the traffic. You can navigate through the mitmproxy interface using the command-line keys. To view detailed information about a request or response, select it and press Enter.

    Note that mitmproxy generates a self-signed SSL certificate for the intercepted domains. This can trigger security warnings in your browser or application. You can either choose to trust the certificate or install mitmproxy’s root certificate on your device.

Transparent Proxy Setup

  1. Enable IP Forwarding:

    For transparent proxying, you need to enable IP forwarding on your machine:

    echo 1 > /proc/sys/net/ipv4/ip_forward

  2. Configure iptables:

    Set up iptables rules to redirect traffic to the mitmproxy port (8080 by default):

    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080

    This rule redirects all outgoing HTTPS traffic to mitmproxy.

  3. Launch mitmproxy:

    Start mitmproxy in transparent mode so that it accepts the redirected connections:

    mitmproxy --mode transparent

  4. Inspect Transparently Proxied Traffic:

    Since the traffic is now being transparently redirected through mitmproxy, you don’t need to manually configure proxy settings on your device or application. Simply use your device normally, and mitmproxy will intercept the HTTPS traffic.
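
For a persistent trace instead of the interactive view, a mitmproxy addon script can write one JSON line per HTTPS exchange; it works the same way in the regular and the transparent setup. The script below is an added example, not code from the original article: the class name, the output file name and the list of headers treated as sensitive are assumptions.

```python
"""Constructed example: mitmproxy addon that logs each HTTPS exchange as JSON."""
import json

# Assumption: headers whose values are credentials. The trace keeps the header
# name so the exchange stays readable, but never stores the secret itself.
SENSITIVE = {"authorization", "proxy-authorization", "cookie",
             "set-cookie", "x-api-key"}


def redact(headers):
    """Return the headers as a dict with credential-bearing values masked."""
    return {
        name: "<redacted>" if name.lower() in SENSITIVE else value
        for name, value in headers.items()
    }


class HttpsTracer:
    def __init__(self, path="https_trace.jsonl"):  # file name is an assumption
        self.path = path

    def record(self, flow):
        """Build the trace record for a flow that has a complete response."""
        req, resp = flow.request, flow.response
        return {
            "ts": req.timestamp_start,
            "method": req.method,
            "url": req.pretty_url,  # query strings can carry tokens too
            "status": resp.status_code,
            "request_headers": redact(req.headers),
            "response_headers": redact(resp.headers),
            "response_bytes": len(resp.content or b""),
        }

    def response(self, flow):
        """mitmproxy event hook, called once the full response was read."""
        if flow.request.scheme != "https":
            return  # only HTTPS exchanges go into the trace
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(self.record(flow)) + "\n")


# mitmproxy picks up addon instances from this module-level list.
addons = [HttpsTracer()]
```

Save the script (for example as trace_https.py, a name chosen here) and load it with `mitmdump -s trace_https.py`, adding `--mode transparent` for the transparent setup.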

Mitigating Certificate Errors

When intercepting HTTPS traffic, mitmproxy generates its own SSL certificate for the intercepted domains. This can cause SSL/TLS certificate errors in your browser or application. To avoid this, you can install mitmproxy’s root certificate on your device. The certificate can be found in the mitmproxy data directory.

Conclusion

Mitmproxy is a versatile tool for tracing HTTPS requests using both regular and transparent proxy setups. Whether you’re debugging network issues, analyzing application behavior, or conducting security assessments, mitmproxy provides a powerful way to intercept and inspect encrypted traffic. Just remember that intercepting HTTPS traffic should be done responsibly and only on systems you have the legal right to control.
