mitmproxy is an interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed.
Install mitmproxy on your machine using the docs from the mitmproxy site.
The recommended way to install mitmproxy on macOS is to use Homebrew:
brew install mitmproxy
The recommended way to install mitmproxy on Windows is to download the Self-contained Pre-built Binary Packages from mitmproxy's releases page.
After installation, you’ll find shortcuts for mitmweb (the web-based interface) and mitmdump in the start menu. Both executables are added to your PATH and can be invoked from the command line.
Run mitmproxy or mitmweb to view requests and responses to proxy
-
Console:
mitmproxy --host
-
Web interface (view in browser):
mitmweb --host
*By default, mitmproxy runs on port 8080
Setup your browser's proxy to use default mitmproxy port
- Go to
Preferences
, search forProxy
, then clickManual Proxy Configuration
- Under HTTP Proxy type
127.0.0.1
in the first field, and8080
under Port. - Now under SSL Proxy type
127.0.0.1
in the first field, and8080
under Port. Then hit OK.
- Go to
Settings
, search forProxy
, then clickOpen proxy settings
- This should open up your
Network Preferences
, click on HTTP and set to127.0.0.1 : 8080
- Then click on HTTPS and set to
127.0.0.1 : 8080
- Go to http://mitm.it/ to download the certificate and install on your browser
-
Go to sdk tools
cd ~/Library/Android/sdk/tools
-
List all your available AVDs
emulator -list-avds
-
Run emulator with http-proxy argument
emulator -avd <AVD name> -netdelay none -netspeed full -http-proxy http://<local IP>:8080
e.g.emulator -avd Pixel_API_26 -netdelay none -netspeed full -http-proxy http://127.0.0.1:8080
- Go to http://mitm.it/ to download the certificate and install into the device/emulator OR
- Run mitmweb once to create ssl certificates in
.mitmproxy
- Copy and install
mitmproxy-ca-cert.cer
from.mitmproxy
into the device/emulator
-
In the Android project, update the file
TrustAllSSLProtocolSocketFactory.java
in the projectcodebase
:private static final boolean TRUST_ALL_SSL_CERTIFICATES = true;
-
This is for testing purposes only and should not be committed, you should revert this when releasing a build.
- Run the updated Android app and update the JSON responses from
mock
folder for testing.
- Find the lines instantiating
AFSecurityPolicy
initializepolicyWithPinningMode
toAFSSLPinningModeNone
- Make sure
securityPolicy.allowInvalidCertificates
isNO
(false)
- Launch iOS Simulator
- Drag and drop the mitm proxy pem file found at
~/.mitmproxy/mitmproxy-ca-cert.pem
to the iOS Simulator - Set machine's network settings proxy http and https to localhost:8080
- Run
mitmproxy
in your machine - Run app
- Ensure that the machine and phone are connected in the same network
- Update up phone's network proxy manually to
192.168.1.xxx
(machine's IP in the network) with port8080
- Run
mitmproxy
in your machine - Access
http://mitm.it
and choose iOS to install certificate - Run app
Run an API call through your configured browser to view the request / response
- If you are running the mitmproxy (console), you should see the requests and response in your console
- If you are running mitmweb, you should see the requests and response in your browser using https://localhost:8081
You can mock an API response by using mitmdump
-
Run the python script in this repository (
scripts/intercept_requests.py
) to mock theJSON
responseNew Version (2.0.2) -
mitmdump -s scripts/intercept_requests.py