mitmproxy Cheat Sheet
Interactive TLS-capable HTTP proxy for intercepting, replaying, and scripting web traffic.
Overview
mitmproxy (and mitmweb/mitmdump) intercepts HTTP/HTTPS for manual analysis or scripted modification. Alternative to Burp for CLI-first workflows, automation, and Python addons on authorized assessments.
Authorized testing only. Use only on systems, networks, and accounts you own or have explicit written permission to test. Unauthorized access is illegal.
Install
```bash
sudo apt install -y mitmproxy
pip install mitmproxy
```
Essential commands
Interactive TUI proxy (default port 8080)
```bash
mitmproxy
```
Web UI
```bash
mitmweb --web-host 127.0.0.1
```
Non-interactive dump to file
```bash
mitmdump -w traffic.flow
```
Common workflows
Browser through proxy —
```bash
mitmproxy --listen-port 8080
```
Replay and filter flows —
```bash
mitmdump -nr traffic.flow "~u target.example" -s replay_script.py
```
```python
# rewrite.py: set X-Forwarded-For on requests to the in-scope host
from mitmproxy import http

def request(flow: http.HTTPFlow) -> None:
    if "target.example" in flow.request.pretty_host:
        flow.request.headers["X-Forwarded-For"] = "127.0.0.1"
```
```bash
mitmproxy -s rewrite.py
```
Reverse proxy to local app —
```bash
mitmproxy --mode reverse:https://target.example --listen-port 8081
```
Export for reporting —
```bash
mitmdump -nr traffic.flow -w filtered.flow "~d target.example"
mitmdump -nr traffic.flow --set flow_detail=2 > requests.txt
```
Flags reference
| Flag / command | Purpose |
|---|---|
| --listen-port | Proxy port (default 8080) |
| --mode | regular, transparent, reverse, upstream |
| -w FILE | Write flows to file |
| -nr FILE | Read flows (no replay) |
| -s SCRIPT | Run addon script |
| ~u regex | Filter URL (mitmdump) |
| ~d host | Filter domain |
| --set | Set option (e.g. ssl_insecure=true) |
| mitmweb | Web interface |
| mitmdump | CLI dump / scripting |
Tips
- Use mitmweb when learning; mitmdump for CI and capture pipelines.
- Addon API replaces legacy inline scripts—see mitmproxy docs for mitmproxy.http.
- For mobile apps, install the mitmproxy CA on the device and enable user trust (Android 7+ may need network config).
- Combine with curl --proxy http://127.0.0.1:8080 for scripted traffic through capture.
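
Flow files and text dumps kept for reporting usually still hold live credentials. The addon below is an added example (not from the original cheat sheet or the mitmproxy project) that scrubs them with the same request/response hooks rewrite.py uses; the file name redact.py, the header and parameter lists, and the placeholder string are assumptions to adapt per engagement.

```python
# redact.py: hypothetical addon (added example) that blanks credentials
# in captured flows so exported evidence does not leak working secrets.

# Constructed lists; extend them for the application under test.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key"}
SENSITIVE_PARAMS = {"token", "access_token", "api_key", "password"}
PLACEHOLDER = "[REDACTED]"


def scrub(fields, sensitive):
    """Overwrite the value of every sensitive key in place.

    `fields` is any mapping with keys() and item assignment, which covers
    flow.request.headers, flow.response.headers and flow.request.query.
    Names are compared lower-cased because header case varies on the wire.
    Returns the names that were scrubbed, for logging or tests.
    """
    scrubbed = []
    for name in list(fields.keys()):
        if name.lower() in sensitive:
            fields[name] = PLACEHOLDER
            scrubbed.append(name)
    return scrubbed


def request(flow):
    # Request side: auth headers, cookies, and tokens carried in the URL.
    scrub(flow.request.headers, SENSITIVE_HEADERS)
    scrub(flow.request.query, SENSITIVE_PARAMS)


def response(flow):
    # Response side: session cookies issued by the server.
    if flow.response is not None:
        scrub(flow.response.headers, SENSITIVE_HEADERS)
```

Load it with -s redact.py in the export commands above so the written flows carry the placeholder instead of the secret; keep the unredacted capture under the engagement's evidence-handling rules.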