6. What is mitmproxy?
[Diagram labels: Mobile Device (Application, Local Database); My Laptop running MITMproxy; Web Server (Web Services, Database)]
7. What is mitmproxy?
An SSL-capable man-in-the-middle proxy
Generic pentest/debug tool
Interactive, console-based
Intercept & modify
Extensible – invoke Python modules
8. How to … ?
MITMproxy is not an attack tool!
Configure it as a proxy
Import the CA Root cert
Run as interactive console app
Or 'mitmdump' - Think tcpdump for HTTP
10. Start MITM proxy
vishal@vishal:~$ sudo mitmproxy -b 192.168.1.108 -p 8080 --no-upstream-cert
-b ADDR, --bind-address ADDR Address to bind proxy to
-p PORT, --port PORT Proxy service port
--no-upstream-cert Don't connect to upstream server to look up certificate details
16. 3G/4G connections?
:(
BUT! You can still use your nifty hotspot feature! What you need is:
a device with a 3G/4G connection
the development device
your laptop
17. How did we use mitmproxy for QA testing?
For mobile operator targeting
Spoofing operator name(s) in the HTTP request to check if server response
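
The operator-name spoofing on this slide can be scripted through the Python extension point mentioned earlier; the following is an added example, not code from the original deck. It assumes the current mitmproxy addon API (`request`/`response` hooks and an `addons` list); the header name `X-Operator-Name`, the host `api.example.test`, the operator `ExampleTel` and the `fake_flow` helper are hypothetical.

```python
"""Added example: mitmproxy addon that spoofs an operator header for QA runs."""
from types import SimpleNamespace

OPERATOR_HEADER = "X-Operator-Name"  # assumption: hypothetical header name
TARGET_HOST = "api.example.test"     # assumption: hypothetical host under test


class OperatorSpoof:
    """Set the operator header on requests to one host and record the responses."""

    def __init__(self, operator, host=TARGET_HOST, header=OPERATOR_HEADER):
        self.operator, self.host, self.header = operator, host, header
        self.results = []  # (path, operator sent, status code) per response seen

    def _in_scope(self, flow):
        # Only touch the backend under test; other device traffic passes unchanged.
        return flow.request.pretty_host == self.host

    def request(self, flow):
        # mitmproxy calls this hook once the full client request has been read.
        if self._in_scope(flow):
            flow.request.headers[self.header] = self.operator

    def response(self, flow):
        # Called once the server response has been read; keep what QA compares.
        if self._in_scope(flow):
            sent = flow.request.headers.get(self.header)
            self.results.append((flow.request.path, sent, flow.response.status_code))


def fake_flow(host, path, status=200, headers=None):
    """Constructed stand-in for a mitmproxy HTTPFlow, for offline testing."""
    request = SimpleNamespace(pretty_host=host, path=path, headers=dict(headers or {}))
    return SimpleNamespace(request=request, response=SimpleNamespace(status_code=status))


# mitmproxy loads the objects listed here when started with:
#   mitmdump -s operator_spoof.py
addons = [OperatorSpoof("ExampleTel")]
```

Scoping the rewrite to a single host keeps the other apps on the test device from receiving the modified header.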