mitmproxy

An interactive, SSL-capable, man-in-the-middle HTTP proxy for penetration testers and software developers.

Project Description

This repository contains the mitmproxy and pathod projects.

mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface.

mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.

mitmweb is a web-based interface for mitmproxy.

pathoc and pathod are perverse HTTP client and server applications designed to let you craft almost any conceivable HTTP request, including ones that creatively violate the standards.

Documentation & Help

General information, tutorials, and precompiled binaries can be found on the mitmproxy and pathod websites.

The documentation for mitmproxy is available on our website:

Join our discussion forum on Discourse to ask questions, help each other solve problems, and come up with new ideas for the project.

Join our developer chat on Slack if you would like to contribute to mitmproxy itself.

Installation

The installation instructions are here. If you want to contribute changes, keep on reading.

Contributing

As an open source project, mitmproxy welcomes contributions of all forms. If you would like to bring the project forward, please consider contributing in the following areas:

Maintenance: We are incredibly thankful for individuals who are stepping up and helping with maintenance. This includes (but is not limited to) triaging issues, reviewing pull requests and picking up stale ones, helping out other users in our forums, creating minimal, complete and verifiable examples or test cases for existing bug reports, updating documentation, or fixing minor bugs that have recently been reported.
Code Contributions: We actively mark issues that we consider are good first contributions. If you intend to work on a larger contribution to the project, please come talk to us first.

Development Setup

To get started hacking on mitmproxy, please follow the advanced installation steps to install mitmproxy from source, but stop right before running pip3 install mitmproxy. Instead, do the following:

git clone https://github.com/mitmproxy/mitmproxy.git
cd mitmproxy
./dev.sh  # "powershell .\dev.ps1" on Windows

The dev script will create a virtualenv environment in a directory called “venv” and install all mandatory and optional dependencies into it. The primary mitmproxy components - mitmproxy and pathod - are installed as “editable”, so any changes to the source in the repository will be reflected live in the virtualenv.

The main executables for the project - mitmdump, mitmproxy, mitmweb, pathod, and pathoc - are all created within the virtualenv. After activating the virtualenv, they will be on your $PATH, and you can run them like any other command:

. venv/bin/activate  # "venv\Scripts\activate" on Windows
mitmdump --version

Testing

If you’ve followed the procedure above, you already have all the development requirements installed, and you can run the full test suite (including tests for code style and documentation) with tox:

tox

To run complete tests with a full coverage report, you can use the following command:

tox -- --verbose --cov-report=term

For speedier testing, we recommend you run pytest directly on individual test files or folders:

cd test/mitmproxy/addons
pytest --cov mitmproxy.addons.anticache --looponfail test_anticache.py

As pytest does not check the code style, you probably want to run tox -e lint before committing your changes.

Please ensure that all patches are accompanied by matching changes in the test suite. The project tries to maintain 100% test coverage and enforces this strictly for some parts of the codebase.

Documentation

The following tools are required to build the mitmproxy docs:

cd docs
yarn
modd

Code Style

Keeping to a consistent code style throughout the project makes it easier to contribute and collaborate. Please stick to the guidelines in PEP8 and the Google Style Guide unless there’s a very good reason not to.

This is automatically enforced on every PR. If we detect a linting error, the PR checks will fail and block merging. You can run our lint checks yourself with the following command: