Skip to main content

Automated CLI proxy intercepts

infosec
Learn how to set up mitmproxy using Docker to intercept, inspect, and manipulate HTTP requests from browsers and command-line tools.

Introduction

Penetration testing tools such as mitmproxy and Burp Suite are invaluable for intercepting, inspecting, and manipulating HTTP requests. To maintain a focused scope, this article will concentrate on the versatile mitmproxy utility, though Burp Suite could be employed just as effectively for similar tasks.

Note

This article assumes basic familiarity with Docker and command-line interfaces. You'll need Docker installed on your system to follow along with the examples.

Running mitmproxy on Docker

While mitmproxy can be installed directly through a binary package or via pip, we'll utilise Docker containers for a cleaner, more isolated setup. We'll work with the official mitmproxy Docker image.

First, let's create a directory for our certificates in an XDG-compatible location:

mkdir -p $HOME/.config/mitmproxy

Important

If `$HOME/.config/mitmproxy/mitmproxy-ca.pem` exists in the container, `mitmproxy` will adopt the `uid` and `gid` from the file owner.

We can now launch the mitmproxy container:

docker run --rm -it -v $HOME/.config/mitmproxy:/home/mitmproxy/.mitmproxy -p 8080:8080 mitmproxy/mitmproxy

The mitmproxy image also provides access to the mitmdump utility:

docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump

To access the mitmweb graphical interface, we need to expose port 8081:

docker run --rm -it -p 8080:8080 -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0

Once the container is running, you can access the web interface by pointing your browser to http://localhost:8081/.

Configure browser network proxy

With mitmproxy running, we need to configure our browser to redirect traffic through it. In Firefox Developer Edition, we can modify the network settings through about:config by setting the following values:

  • network.proxy.http to 127.0.0.1
  • network.proxy.http_port to 8080
  • network.proxy.type to 1

Alternatively, these values can be configured in the browser's Settings (look for Network Settings at the bottom of the General panel).

After configuring the browser's proxy settings, redirected traffic will appear as mitmproxy flows in your terminal, allowing you to inspect and manipulate requests and responses.

Proxying curl and wget

Command-line tools like curl and wget can also be configured to route their traffic through mitmproxy. This can be accomplished either by setting environment variables or by providing inline instructions:

export http_proxy=localhost:8080
export https_proxy=localhost:8080
curl ifconfig.io
wget -O /dev/null ifconfig.io

## or ##

http_proxy=localhost:8080 https_proxy=localhost:8080 curl ifconfig.io
http_proxy=localhost:8080 https_proxy=localhost:8080 wget -O /dev/null ifconfig.io

Tip

When working with multiple terminal sessions, setting the proxy variables in your shell's profile file (like `.bashrc` or `.zshrc`) can be convenient for persistent configuration.

These redirected curl and wget requests should now be visible in your mitmproxy terminal as interactive flows, allowing for inspection and modification.

Resources