Traffic Analysis with Mitmproxy: HTTPS Interception, Security Testing and Debugging
🧠 What Will You Learn in This Guide?
Mitmproxy is an open source proxy server tool used for debugging, penetration testing and data privacy analysis of network traffic.
In this guide, you'll learn how to decrypt, monitor, and manipulate encrypted HTTPS traffic using Mitmproxy's Man-in-the-Middle framework.
You will also see the tool's three different interfaces (mitmproxy, mitmweb, mitmdump) and advanced filtering methods.
1. 🔍 Basic Principles and Working Logic of Mitmproxy
1.1 Man-in-the-Middle (MITM) Architecture
- Problem: SSL/TLS encryption prevents classic proxies from seeing traffic.
- Solution: Mitmproxy decrypts traffic by acting as a “server” for the client and a “client” for the server.
- Certificate Management:
  - Mitmproxy generates its own CA (Certificate Authority) certificate automatically.
  - For the client to accept the intercepted connections as secure, it must install this CA certificate as a “trusted root certificate”.
1.2 Three Different Interface Options
| Interface | Description | Usage Area |
|---|---|---|
| mitmproxy | Command line interface | Developer and terminal users |
| mitmweb | Web-based graphical interface | Visual analysis and quick editing |
| mitmdump | Script driven version | Automation and integration with Python |
2. ⚙️ Installation and First Operation
Mitmproxy is available on Linux, macOS and Windows.
Docker is recommended for fast and isolated startup.
2.1 Quickstart with Docker
docker run --rm -it -v ~/.mitmproxy:/home/mitmproxy/.mitmproxy -p 8080:8080 mitmproxy/mitmproxy
💡 This command starts mitmproxy on port 8080 with the terminal interface.
2.2 Client Settings and Certificate Installation
Change the browser or device's proxy setting to 127.0.0.1:8080.
In the browser, go to http://mitm.it.
Download the CA certificate appropriate for your platform.
Install the certificate as a trusted root certificate.
Mitmproxy can now decrypt the browser's HTTPS traffic without the browser showing the “Your connection is not private” warning.
3. 📡 Traffic Analysis and Manipulation Techniques
3.1 Web Interface (mitmweb)
Accessed at http://127.0.0.1:8081. Ideal for visual analysis, request/response body inspection, and live traffic monitoring. While mitmweb is open, you can monitor the traffic in real time by visiting the site from a second browser.
3.2 Selective Intercept
Regex-based filters are used to intercept only certain requests.
# Intercept requests whose URL contains "api"
~u api
🧩 E key → edit mode
▶️ A key → resume the flow
🔒 ~q filter → intercepts only the request and lets the response pass.
3.3 Replay
You can resend previously saved HTTP requests.
Client Replay: Sends previous client requests to the server.
Server Replay: Reproduces previous server responses.
# Replay the selected request
r
💡 This feature saves a lot of time in API tests.
3.4 Domain Exclusion
Some system traffic (for example, updates) cannot be captured due to certificate pinning.
mitmproxy --ignore-hosts '^ornek\.com:443$'
💡 This command excludes a specific domain from interception; its traffic is passed through without being decrypted.
❓ Frequently Asked Questions (FAQ)
1. Is there any difference between Mitmproxy, Burp Suite and Charles Proxy?
Yes. Mitmproxy is free and open source, and it is command-line oriented. Burp Suite was developed for professional security testing. Charles Proxy, on the other hand, offers an intuitive interface for QA and mobile developers.
2. How do I monitor mobile app traffic?
Start Mitmproxy on the computer.
Change the phone's proxy setting to the computer's IP address and port 8080.
Go to http://mitm.it from your mobile browser and install the certificate.
Trust the certificate → all HTTPS traffic is analyzed.
3. How to filter in Mitmproxy?
| Filter | Description | Example |
|---|---|---|
| ~u | URL filter | ~u /api/login |
| ~m | HTTP method | ~m POST |
| ~s | HTTP status | ~s 404 |
| ~d | Domain filter | ~d ornek.com |
| & | AND logical operator | ~u login & ~m POST |
4. Why is Mitmproxy used in security testing?
Because Mitmproxy allows HTTPS traffic to be decrypted and edited in real time. This makes it possible to test how an application handles sensitive data and authorization tokens, and to test API security.
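A passive check of this kind, written as a mitmdump addon (an added example, not code from the original guide or from the mitmproxy project): it flags requests that send credentials over cleartext HTTP, in URL query parameters, or via HTTP Basic auth. The class name, the parameter-name list, the log prefix and the script file name are assumptions; `flow.request.scheme`, `.headers`, `.query` and `.pretty_url` are attributes of mitmproxy's HTTP flow object.

```python
"""Passive mitmdump addon: flag requests that expose credentials.

Run with:  mitmdump -s token_audit.py   (file name is an assumption)
"""
import logging
import re

# Query-parameter names treated as secrets (hypothetical list; tune per API).
SECRET_PARAMS = re.compile(
    r"^(access_token|token|api_key|apikey|password|secret)$", re.I
)


def audit_request(scheme, headers, query_keys):
    """Return a list of findings for one request; an empty list means clean."""
    findings = []
    has_creds = bool(headers.get("Authorization")) or bool(headers.get("Cookie"))
    if scheme == "http" and has_creds:
        findings.append("credentials sent over cleartext HTTP")
    for name in query_keys:
        if SECRET_PARAMS.match(name):
            findings.append(f"secret in URL query parameter '{name}'")
    auth = headers.get("Authorization") or ""
    if auth.lower().startswith("basic "):
        findings.append("HTTP Basic auth in use")
    return findings


class TokenAudit:
    """mitmproxy calls request() once for every client request it sees."""

    def __init__(self):
        self.report = []  # (url, finding) tuples collected during the run

    def request(self, flow):
        req = flow.request
        # Record the URL without its query string so secrets stay out of logs.
        url = req.pretty_url.split("?", 1)[0]
        for finding in audit_request(req.scheme, req.headers, req.query.keys()):
            self.report.append((url, finding))
            logging.warning("[token-audit] %s: %s", url, finding)


addons = [TokenAudit()]
```

The addon only observes traffic and never modifies a flow, so it can run alongside normal interception in mitmproxy, mitmweb or mitmdump.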
🏁 Conclusion
Mitmproxy is a powerful, open-source tool for analyzing, manipulating and testing HTTP/HTTPS traffic. It provides an ideal solution for developers, QA teams and security professionals.
⚙️ By applying these techniques in your GenixNode infrastructure, you can make your traffic more secure, traceable and optimized.

