
Man in the middle proxy server

Project description

MIM Usage


This is a man-in-the-middle proxy server that shows a log of request and response headers and fires signals that allow plugins to read and manipulate requests and responses.

A number of plugins are included. It is very easy to add more based on these examples.

Installation alternatives

  • pip install mim

  • Download .tar.gz

Installation of Beef

If you want to use the beef framework, then run: apt-get install beef-xss

Scripts (run with -h to see usage and options)




start the proxyserver with plugins


list users on the network so you can select a target


start arp poison


create fake access point []

Plugin options for




Log userids/passwords


Inject beef hook (browser exploitation framework)


Replace images with cats


Replace favicon with lock symbol


Inject data/injection.html


Kill session on first visit to domain (forces relogin)


Log requests


Replace https with http then proxy links via https


Turn images upside down

Alternative ways to send requests to the proxy

  1. Redirect browser


  • Set browser proxy settings to point to ip address of proxy PC port 10000

  2. Run arp attack


  • to see available machines to target on the local network

  • arp -t <ip address> to initiate arp attack on a target ip

  3. Run fake access point

  • fakeap

  • connect to Free Wifi from target pc

  • [NOTE: run after fakeAP to set firewall settings]

How to create a plugin

To create a plugin called “test”:

  • Create a module file “plugins/” based on other modules in plugins folder.

  • Use decorators e.g. @on(gotRequest) to link functions to the signals fired by the proxy. The signals are gotRequest, gotResponseTree, gotResponseText, gotResponseImage.

  • Edit the docstring for to add the option

To add a plugin to “otherplugins” (a single file containing many smaller plugins):

  • Follow the same format as the other plugins in “plugins/otherplugins”

  • Edit the docstring for to add the option

Where does it work

  • Tested via usage on a range of websites using proxy settings, arp attack and fakeAP

  • It should never block and has a timeout on web requests

Where does it not work

  • Some security software prevents arp attacks

  • HTTPS requests typed directly in the address bar will not be intercepted

  • HTTPS Everywhere (Chrome extension) prevents interception

  • Some websites enforce https via the browser e.g. gmail, facebook

  • Some websites change http links back to https after the page loads e.g. ebay

  • Some websites have malformed HTML. Calling lxml.html.fromstring then tostring can change the appearance of the page as the parser attempts to correct problems. An alternative is to use lxml.etree instead, but this causes issues with other pages and is missing functions such as rewrite_links.
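The HTTPS items in the list above depend on whether the browser already insists on HTTPS before a request leaves the machine; the standard mechanism for that is the Strict-Transport-Security response header (HSTS, RFC 6797). The following is an added example, not part of mim, that a site owner can use to audit that header; the function names and sample headers are constructed for illustration.

```python
# Added example: audit a response's Strict-Transport-Security header (RFC 6797).
# Function names and the sample responses at the bottom are constructed.

PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts


def parse_hsts(value):
    """Parse an HSTS header value into {directive_name: value_or_None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()           # directive names are case-insensitive
        arg = arg.strip().strip('"') or None  # values may be quoted strings
        if name in directives:                # each directive may appear only once
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg
    return directives


def audit_hsts(scheme, headers):
    """Return (verdict, reason) for one response given as (name, value) pairs."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "exposed", "no HSTS header: http:// links and redirects can be downgraded"
    if scheme != "https":
        return "exposed", "HSTS sent over plain HTTP is ignored by browsers"
    try:
        d = parse_hsts(values[0])  # browsers honour only the first header
        max_age = int(d["max-age"])
    except (KeyError, TypeError, ValueError):
        return "exposed", "malformed header: max-age missing or invalid"
    if max_age <= 0:
        return "exposed", "max-age=0 tells the browser to forget the policy"
    if max_age >= PRELOAD_MIN_AGE and "includesubdomains" in d and "preload" in d:
        return "preload-eligible", "first visit is protected once the domain is preloaded"
    return "protected-after-first-visit", "the first plain-HTTP visit can still be intercepted"


if __name__ == "__main__":
    samples = [  # constructed responses
        ("http", [("Strict-Transport-Security", "max-age=600")]),
        ("https", [("Strict-Transport-Security", "max-age=600")]),
        ("https", [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")]),
    ]
    for scheme, headers in samples:
        print(scheme, headers, "->", audit_hsts(scheme, headers))
```

A site that reports "protected-after-first-visit" still leaves a user's very first plain-HTTP request open to interception, which is the gap the preload list closes.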

MIM Design

Core files

Built in Python 2.7 using “twisted.web”; requests follow this chain:

  • proxy1 (a bash script that runs with selected options)


  • proxyserver [listens for connections]

    => ProxyFactory(http.HTTPFactory)

    => Proxy(http.HTTPChannel)

    => Request(http.Request)

  • proxyclient [creates connections to web]

    => ProxyClientFactory(proxy.ProxyClientFactory)

    => ProxyClient(proxy.ProxyClient, TimeoutMixin)

    => internet

Uses pydispatch2 (extended pydispatch) to manage signals

  • proxyclient and proxyserver send signals

  • plugins listen for signals

Other files



simple file server e.g. to serve images

wrapper for bash commands

decorator that connects a function to a signal

configuration for tools.logs


log of current session. This is cleared on each run.

Project details


Source Distribution

mim-0.2.43.tar.gz (38.4 kB)
