mitmproxy – When You Need to See What’s Really in the Traffic
What is mitmproxy
mitmproxy is an interactive, console-based intercepting proxy that lets you inspect, modify, and debug HTTP(S) traffic on the fly. It sits as a man-in-the-middle between client and server: it terminates the client's TLS session with a certificate it issues itself, opens its own connection to the real server, and shows the decrypted browser traffic, API calls, and mobile app requests in real time.
It’s a favorite tool among penetration testers, backend developers, and network troubleshooters. Unlike packet-level sniffers, mitmproxy actually understands HTTP, lets you rewrite headers and payloads, replay traffic, and automate behavior with Python scripts.
The interface runs in the terminal (mitmproxy), but there's also a web UI (mitmweb) for those who prefer to click, and a non-interactive mitmdump for scripted or headless use.
Technical Overview
| Attribute | Description |
| --- | --- |
| Mode | Regular HTTP(S) proxy, transparent proxy, reverse proxy, upstream proxy |
| TLS support | Interception with per-host leaf certificates minted on the fly and signed by mitmproxy's own CA; that CA must be installed and trusted on the client device (served at http://mitm.it while the device is proxied) |
| WebSocket support | Yes |
| Modification | Rewrite requests/responses; filter by URL, header, method |
| Automation | Python scripting API (addons, loaded with -s) |
| Interface | Console UI (mitmproxy), web UI (mitmweb, which also exposes the HTTP API its front end uses), and non-interactive mitmdump |
| Logging | Flows saved to a binary flow file (-w / --save-stream-file) and read back with -r; HAR export |
| Replay support | Client-side replay (-C) and server-side replay (-S) of saved flows |
| Platforms | Windows, Linux, macOS |
| License | MIT |
| Website | https://mitmproxy.org |
How It Works (In the Real World)
You run mitmproxy on a workstation, point your device (browser, app, or phone) at it as its HTTP(S) proxy, and install mitmproxy's CA certificate on that device. For every host the client contacts, mitmproxy mints a leaf certificate signed by that CA on the fly and decrypts the session. This fails, by design, when the app pins its server certificate or refuses to trust user-installed CAs; Android, for instance, ignores user-added CAs for apps targeting API level 24 or higher unless the app's network security configuration opts in. Certificate transparency is not the obstacle here: browsers exempt locally installed roots from CT enforcement, so pinning and CA trust policy are what decide whether a given app can be inspected.
Captured requests and responses are visible in the curses-style interface. You can press keys to inspect headers, follow redirects, edit a field, replay a request, or drop a POST entirely.
You can also write addons in Python and load them with -s. Typical jobs are stripping or rewriting headers before a request leaves the proxy, replacing every image with a placeholder, or stubbing a login endpoint so a test client always receives a success response.
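The addon below is an added example written for this article, not code from the mitmproxy project. It uses mitmproxy's real hook names (`request`, `response`), the `flow.request` / `flow.response` objects, `flow.kill()` and the module-level `addons` list; everything else (the `Inspector` class, the `SENSITIVE_KEYS` and `STRIP_HEADERS` lists, the telemetry path pattern, the sample headers and bodies in the docstrings) is a hypothetical choice you would tune for your own target. The logic lives in plain functions that accept dict-like objects, so the module imports without mitmproxy installed and can be exercised offline; under mitmproxy the same functions receive `flow.request.headers`, which supports the same `keys()`, `get()` and `del` operations.

```python
"""
Added example: a mitmproxy addon that flags credential-bearing requests,
strips tracking headers, and drops telemetry POSTs before they are forwarded.

Run with:   mitmdump -s inspect_addon.py
(then point a browser or device at the proxy and trust the CA from mitm.it)
"""
import json
import logging
import re
from urllib.parse import parse_qsl

# Hypothetical: field names that usually carry credentials in a login or token call.
SENSITIVE_KEYS = {
    "password", "passwd", "pass", "token", "access_token",
    "refresh_token", "secret", "api_key", "apikey",
}

# Hypothetical: request headers to remove before the request reaches the server.
STRIP_HEADERS = {"x-device-id", "x-advertising-id"}

# Hypothetical: POSTs whose path contains one of these segments are dropped.
BLOCKED_PATH = re.compile(r"/(telemetry|analytics)\b")


def sensitive_fields(content_type: str, body: bytes) -> list[str]:
    """Return the credential-like top-level field names in a form or JSON body.

    Only application/x-www-form-urlencoded and application/json are parsed;
    any other content type, or an unparsable body, yields an empty list.
    """
    ctype = content_type.split(";")[0].strip().lower()
    keys: list[str] = []
    if ctype == "application/x-www-form-urlencoded":
        pairs = parse_qsl(body.decode("utf-8", "replace"), keep_blank_values=True)
        keys = [name for name, _ in pairs]
    elif ctype == "application/json":
        try:
            data = json.loads(body)
        except ValueError:
            return []
        if isinstance(data, dict):
            keys = list(data.keys())
    return sorted(k for k in keys if k.lower() in SENSITIVE_KEYS)


def strip_headers(headers, names=STRIP_HEADERS) -> list[str]:
    """Delete the named headers case-insensitively and return what was removed.

    Works on a plain dict and on mitmproxy's Headers object alike: both expose
    keys() and support ``del headers[name]``.
    """
    removed = []
    for name in list(headers.keys()):
        if name.lower() in names:
            del headers[name]
            removed.append(name)
    return removed


def should_block(method: str, path: str) -> bool:
    """True for POSTs to a telemetry/analytics path (hypothetical policy)."""
    return method.upper() == "POST" and BLOCKED_PATH.search(path) is not None


class Inspector:
    """mitmproxy addon: hooks are called once per request and once per response."""

    def request(self, flow):
        req = flow.request
        if should_block(req.method, req.path):
            logging.info("dropping %s %s", req.method, req.pretty_url)
            flow.kill()  # the request is never forwarded to the server
            return
        removed = strip_headers(req.headers)
        if removed:
            logging.info("stripped %s from %s", removed, req.pretty_url)
        # req.content is the body after Content-Encoding has been removed.
        found = sensitive_fields(req.headers.get("content-type", ""), req.content or b"")
        if found:
            logging.warning("%s %s sends %s", req.method, req.pretty_url, ", ".join(found))

    def response(self, flow):
        # Mark proxied responses so the client side can tell them apart in testing.
        flow.response.headers["x-mitm-inspected"] = "1"


addons = [Inspector()]
```

Loading this with `mitmproxy -s inspect_addon.py` instead of mitmdump gives the same behaviour with the interactive flow list, and the `logging` calls land in the console's event log; mitmproxy 9 and later route the standard `logging` module there, so addons no longer need a mitmproxy-specific logger.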
Typical Use Cases
– Debugging what a mobile app is really sending in the background
– Replaying and editing API calls to test edge cases
– Intercepting browser traffic for inspection or mock testing
– Teaching network security and HTTPS internals with live examples
– Reverse-engineering undocumented HTTP APIs