An interactive, SSL-capable, man-in-the-middle HTTP proxy for penetration testers and software developers.
This repository contains the mitmproxy and pathod projects.
mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface.
mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.
mitmweb is a web-based interface for mitmproxy.
pathoc and pathod are perverse HTTP client and server applications designed to let you craft almost any conceivable HTTP request, including ones that creatively violate the standards.
Documentation & Help
General information, tutorials, and precompiled binaries can be found on the mitmproxy and pathod websites.
The latest documentation for mitmproxy is also available on ReadTheDocs.
Join our discussion forum on Discourse to ask questions, help each other solve problems, and come up with new ideas for the project.
Join our developer chat on Slack if you would like to contribute to mitmproxy itself.
The installation instructions are here. If you want to contribute changes, keep on reading.
As an open source project, mitmproxy welcomes contributions of all forms. If you would like to bring the project forward, please consider contributing in the following areas:
- Maintenance: We are incredibly thankful for individuals who are stepping up and helping with maintenance. This includes (but is not limited to) triaging issues, reviewing pull requests and picking up stale ones, helping out other users in our forums, creating minimal, complete and verifiable examples or test cases for existing bug reports, updating documentation, or fixing minor bugs that have recently been reported.
- Code Contributions: We actively mark issues that we consider good first contributions. If you intend to work on a larger contribution to the project, please come talk to us first.
To get started hacking on mitmproxy, please follow the advanced installation steps to install mitmproxy from source, but stop right before running pip3 install mitmproxy. Instead, do the following:
    git clone https://github.com/mitmproxy/mitmproxy.git
    cd mitmproxy
    ./dev.sh  # "powershell .\dev.ps1" on Windows
The dev script will create a virtualenv environment in a directory called “venv” and install all mandatory and optional dependencies into it. The primary mitmproxy components - mitmproxy and pathod - are installed as “editable”, so any changes to the source in the repository will be reflected live in the virtualenv.
The main executables for the project - mitmdump, mitmproxy, mitmweb, pathod, and pathoc - are all created within the virtualenv. After activating the virtualenv, they will be on your $PATH, and you can run them like any other command:
    . venv/bin/activate  # "venv\Scripts\activate" on Windows
    mitmdump --version
If you’ve followed the procedure above, you already have all the development requirements installed, and you can run the full test suite (including tests for code style and documentation) with tox:
For speedier testing, we recommend you run pytest directly on individual test files or folders:
    cd test/mitmproxy/addons
    pytest --cov mitmproxy.addons.anticache --looponfail test_anticache.py
As pytest does not check the code style, you probably want to run tox -e lint before committing your changes.
Please ensure that all patches are accompanied by matching changes in the test suite. The project tries to maintain 100% test coverage and enforces this strictly for some parts of the codebase.
The mitmproxy documentation is built using Sphinx, which is installed automatically if you set up a development environment as described above. After installation, you can render the documentation like this:
    cd docs
    make clean
    make html
    make livehtml
The last command invokes sphinx-autobuild, which watches the Sphinx directory and rebuilds the documentation when a change is detected.
Keeping to a consistent code style throughout the project makes it easier to contribute and collaborate. Please stick to the guidelines in PEP8 and the Google Style Guide unless there’s a very good reason not to.
This is automatically enforced on every PR. If we detect a linting error, the PR checks will fail and block merging. You can run our lint checks yourself with the following command:
tox -e lint