Mitmproxy – how to capture SSL traffic

Mitmproxy is a lightweight proxy written in Python. It works like a normal proxy but offers some advanced features that most developers and hackers like to have:
– Watch your internet traffic
– Decrypt HTTPS (SSL) traffic
– Act as the man in the middle: it lets you inject Python code to change the request/response headers between the client and the server.

I have a use case for it: I need to use Chrome on Linux, and it must pass NTLM authentication against a Windows server. Chrome can do this on Windows, but on Linux there is no way for it to pick up the credentials and send them to the web server. NTLM is pretty easy to implement; we just need to add some headers. So this is where mitmproxy comes into play. We set up Chrome to use the proxy (mitmproxy) and inject our Python code to add the authentication header to the request, so the server will receive the authentication.

This is what I set up on Ubuntu 18.04:

sudo apt remove mitmproxy   # only if you already installed it with apt and it is not working
sudo apt install python3-pip
sudo pip3 install -U pip
sudo pip3 install mitmproxy
sudo ln -s /usr/local/bin/mitmproxy /usr/bin/mitmproxy

Here are some commands:
mitmproxy -p 8888
mitmdump --set block_global=false

mitmdump -ns examples/add_header.py

The next step is to set your browser to use the proxy, then browse to http://mitm.it/ to install the certificate.

Follow the instructions there to set up the certificate.
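
The header injection described above, as an added example (not code from the original post or from the mitmproxy project): an addon that sets a static Authorization value only for one allow-listed HTTPS host, so the credential is never forwarded to other sites the browser visits through the proxy. The class name, the environment variable names and the host are assumptions, and the script does not implement the NTLM handshake.

```python
"""mitmproxy addon: add an Authorization header, scoped to one HTTPS host."""
import os

# Assumed names, not from the original post: both environment variables and
# the placeholder host. The credential is read at start-up, never hard-coded.
TARGET_HOST = os.environ.get("INJECT_HOST", "intranet.example.internal")
AUTH_VALUE = os.environ.get("INJECT_AUTH", "")  # empty means: inject nothing


class ScopedAuthHeader:
    """Sets Authorization only where the credential is meant to go."""

    def __init__(self, host, value):
        self.host = host.lower()
        self.value = value

    def should_inject(self, scheme, host, headers):
        if not self.value:
            return False  # no credential configured
        if scheme != "https":
            return False  # never send the credential in clear text
        if host.lower() != self.host:
            return False  # every other site must not see it
        if "Authorization" in headers:
            return False  # keep what the browser already sent
        return True

    def request(self, flow):
        # mitmproxy calls this hook for each client request before forwarding.
        # flow.request.host is the destination the proxy will connect to.
        req = flow.request
        if self.should_inject(req.scheme, req.host, req.headers):
            req.headers["Authorization"] = self.value


# mitmproxy loads addon instances from this module-level list.
addons = [ScopedAuthHeader(TARGET_HOST, AUTH_VALUE)]
```

Saved as scoped_auth.py (a hypothetical file name), it loads with mitmdump -s scoped_auth.py -p 8888 after exporting INJECT_HOST and INJECT_AUTH.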
