Skip to main content

Mitmproxy

mitmproxy is an interactive proxy used to inspect and debug HTTP/HTTPS traffic. It is more advanced than a regular SOCKS proxy because it performs a man-in-the-middle flow for TLS connections.

mitmproxy is useful when you need to troubleshoot requests going through the SSH SOCKS tunnel and want to see request and response details.

Setup

  1. Install mitmproxy.
## Fedora
sudo dnf install mitmproxy -y

## Ubuntu / Debian
sudo apt update && sudo apt install mitmproxy -y
  1. Start your SSH SOCKS tunnel first (same endpoint used across this docs set).
ssh -N example-network
  1. Run mitmproxy locally.
mitmproxy --listen-host 127.0.0.1 --listen-port 8080
  1. (Optional) Chain mitmproxy to the SSH SOCKS proxy.
mitmproxy --mode upstream:socks5://127.0.0.1:3456 --listen-host 127.0.0.1 --listen-port 8080
  1. Point the client application or browser proxy to 127.0.0.1:8080.

TLS Certificate Trust

To decrypt HTTPS traffic, mitmproxy generates a local CA certificate that clients must trust.

  1. Start mitmproxy once to generate cert files under ~/.mitmproxy/.
  2. Open http://mitm.it from a client configured to use mitmproxy.
  3. Install the certificate for your client OS/browser.

If the certificate is not trusted, HTTPS requests will fail with certificate errors and decrypted traffic will not be visible.

Notes

  • Use mitmproxy only in environments where inspection is authorized.
  • mitmproxy is great for debugging but is heavier than FoxyProxy or Proxychains for daily use.
  • For web UI, use mitmweb --listen-host 127.0.0.1 --listen-port 8080.