Skip to content

An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers

License

Notifications You must be signed in to change notification settings

keimhaqi/mitmproxy

 
 

Repository files navigation

mitmproxy

Travis Build Status Appveyor Build Status Coverage Status Latest Version Supported Python versions

This repository contains the mitmproxy and pathod projects, as well as their shared networking library, netlib.

mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface.

mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP.

pathoc and pathod are perverse HTTP client and server applications designed to let you craft almost any conceivable HTTP request, including ones that creatively violate the standards.

Documentation & Help

General information, tutorials, and precompiled binaries can be found on the mitmproxy and pathod websites.

mitmproxy.org pathod.net

The latest documentation for mitmproxy is also available on ReadTheDocs.

mitmproxy documentation

Join our discussion forum on Discourse to ask questions, help each other solve problems, and come up with new ideas for the project.

Discourse: mitmproxy

Join our developer chat on Slack if you would like to hack on mitmproxy itself.

Slack Developer Chat

Installation

The installation instructions are here. If you want to contribute changes, keep on reading.

Hacking

To get started hacking on mitmproxy, make sure you have Python 3.5.x or above with virtualenv installed (you can find installation instructions for virtualenv here). Then do the following:

git clone https://github.com/mitmproxy/mitmproxy.git
cd mitmproxy
./dev.sh  # powershell .\dev.ps1 on Windows

The dev script will create a virtualenv environment in a directory called "venv", and install all mandatory and optional dependencies into it. The primary mitmproxy components - mitmproxy, netlib and pathod - are installed as "editable", so any changes to the source in the repository will be reflected live in the virtualenv.

To confirm that you're up and running, activate the virtualenv, and run the mitmproxy test suite:

. venv/bin/activate  # venv\Scripts\activate on Windows
py.test

Note that the main executables for the project - mitmdump, mitmproxy, mitmweb, pathod, and pathoc - are all created within the virtualenv. After activating the virtualenv, they will be on your $PATH, and you can run them like any other command:

mitmdump --version

For convenience, the project includes an autoenv file (.env) that auto-activates the virtualenv when you cd into the mitmproxy directory.

Testing

If you've followed the procedure above, you already have all the development requirements installed, and you can simply run the test suite:

py.test

Please ensure that all patches are accompanied by matching changes in the test suite. The project tries to maintain 100% test coverage.

You can also use tox to run a full suite of tests in Python 2.7 and 3.5, including a quick test to check documentation and code linting.

The following tox environments are relevant for local testing:

tox -e py27  # runs all tests with Python 2.7
tox -e py35  # runs all tests with Python 3.5 (partial support only)
tox -e docs  # runs a does-it-compile check on the documentation
tox -e lint  # runs the linter for coding style checks

We are in the middle of transitioning to Python 3, so please make sure all tests pass in Python 2.7 and 3.5. Running tox ensure all necessary tests are executed.

Documentation

The mitmproxy documentation is build using Sphinx, which is installed automatically if you set up a development environment as described above. After installation, you can render the documentation like this:

cd docs
make clean
make html
make livehtml

The last command invokes sphinx-autobuild, which watches the Sphinx directory and rebuilds the documentation when a change is detected.

Style

Keeping to a consistent code style throughout the project makes it easier to contribute and collaborate. Please stick to the guidelines in PEP8 and the Google Style Guide unless there's a very good reason not to.

This is automatically enforced on every PR. If we detect a linting error, the PR checks will fail and block merging. We are using this command to check for style compliance:

flake8 --jobs 8 --count mitmproxy netlib pathod examples test

About

An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 79.7%
  • CSS 11.2%
  • JavaScript 8.7%
  • Other 0.4%