Man in the middle proxy server

Project description

MIM Usage


This is a man-in-the-middle proxy server that shows a log of request and response headers and fires signals that allow plugins to read and manipulate requests and responses.

A number of plugins are included. It is very easy to add more based on these examples.

Installation alternatives

  • pip install mim
  • Download .tar.gz

Installation of Beef

If you want to use the beef framework then: apt-get install beef-xss

Scripts (run with -h to see usage and options)

script      description
proxy       start the proxy server with plugins
users       list users on the network so you can select a target
arp         start arp poison
fakeap      create fake access point []

Plugin options for

option          description
--auth          Log userids/passwords
--beef          Inject beef hook (browser exploitation framework)
--cats          Replace images with cats
--favicon       Replace favicon with lock symbol
--inject        Inject data/injection.html
--kill          Kill session on first visit to domain (forces relogin)
--requests      Log requests
--sslstrip      Replace https with http then proxy links via https
--upsidedown    Turn images upside down

Alternative ways to send requests to the proxy

  1. Redirect browser
     • Set browser proxy settings to point to the IP address of the proxy PC, port 10000
  2. Run arp attack
     • to see available machines to target on the local network
     • arp -t <ip address> to initiate arp attack on a target ip
  3. Run fake access point
     • fakeap
     • connect to Free Wifi from target pc
     • [NOTE: run after fakeAP to set firewall settings]

How to create a plugin

To create a plugin called “test”:

  • Create a module file “plugins/” based on other modules in plugins folder.
  • Use decorators e.g. @on(gotRequest) to link functions to the signals fired by the proxy. The signals are gotRequest, gotResponseTree, gotResponseText, gotResponseImage.
  • Edit the docstring for to add the option

To add a plugin to “otherplugins” (a single file containing many smaller plugins):

  • Follow the same format as the other plugins in “plugins/otherplugins”
  • Edit the docstring for to add the option

Where does it work

  • Tested via usage on a range of websites using proxy settings, arp attack and fakeAP
  • It should never block and has a timeout on web requests

Where does it not work

  • Some security software prevents arp attacks
  • Https requests typed directly in the address bar will not be intercepted
  • HttpsEverywhere (chrome extension) prevents interception
  • Some websites enforce https via the browser e.g. gmail, facebook
  • Some websites change http links back to https after the page loads e.g. ebay
  • Some websites have malformed HTML. Calling lxml.html.fromstring and then tostring can change the appearance of the page, because the parser attempts to correct problems. An alternative is to use lxml.etree instead, but this causes issues with other pages and is missing functions such as rewrite_links.
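
The HTTPS items in the list above come down to whether the browser refuses plain http for a site, which a site requests with the Strict-Transport-Security (HSTS) response header. The following is an added example, not part of the mim project: a Python 3 check a site owner can run over one HTTPS response's headers to see whether --sslstrip style rewriting would be refused by browsers and whether session cookies could travel over http. The finding names, the MIN_MAX_AGE threshold and the sample headers are assumptions made for the example.

```python
# Added example (Python 3), not mim code: audit one HTTPS response for downgrade exposure.
import re

MIN_MAX_AGE = 15552000  # assumed policy threshold: 180 days, in seconds

def parse_hsts(value):
    """Return (max_age, include_subdomains, preload) from an HSTS header value."""
    max_age, subdomains, preload = None, False, False
    for part in value.split(";"):
        token = part.strip().lower()
        m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', token)
        if m:
            max_age = int(m.group(1))
        elif token == "includesubdomains":
            subdomains = True
        elif token == "preload":
            preload = True
    return max_age, subdomains, preload

def audit(headers):
    """headers: (name, value) pairs from an HTTPS response. Returns sorted findings."""
    findings = set()
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not hsts:
        findings.add("no-hsts")  # browser will follow http links rewritten in transit
    else:
        max_age, subdomains, _ = parse_hsts(hsts[0])  # RFC 6797: only the first header counts
        if max_age is None:
            findings.add("hsts-invalid")
        elif max_age == 0:
            findings.add("hsts-disabled")  # max-age=0 tells the browser to forget the policy
        elif max_age < MIN_MAX_AGE:
            findings.add("hsts-short-max-age")
        if not subdomains:
            findings.add("hsts-no-includesubdomains")
    for name, value in headers:
        if name.lower() == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:  # cookie would also be sent over plain http
                findings.add("cookie-without-secure:" + value.split("=", 1)[0].strip())
    return sorted(findings)

# Constructed sample responses (not captured from real sites).
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly")]
STRONG = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"),
          ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(STRONG))
```

An empty result still leaves the first visit from a new browser unprotected unless the domain is also on the browser preload list.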

MIM Design

Core files

Built in Python 2.7 using “twisted.web”; it follows this chain:

  • proxy1 (a bash script that runs with selected options)


  • proxyserver [listens for connections]

    => ProxyFactory(http.HTTPFactory)

    => Proxy(http.HTTPChannel)

    => Request(http.Request)

  • proxyclient [creates connections to web]

    => ProxyClientFactory(proxy.ProxyClientFactory)

    => ProxyClient(proxy.ProxyClient, TimeoutMixin)

    => internet

Uses pydispatch2 (extended pydispatch) to manage signals

  • proxyclient and proxyserver send signals
  • plugins listen for signals

Other files

file description
simple file server e.g. to serve images
wrapper for bash commands
decorator that connects a function to a signal
configuration for tools.logs
log.txt log of current session. This is cleared on each run.

Files for mim, version 0.2.43
Filename: mim-0.2.43.tar.gz (38.4 kB), file type: Source