mitmproxy integration

mitmproxy is an advanced HTTP debugging tool. It can intercept TLS-encrypted connections by generating certificates on the fly. It supports HTTP/2, it can work as a reverse proxy... Cool stuff.

HTTPolice comes with an inline script for mitmproxy that will check intercepted exchanges and produce a normal HTTPolice report. It also works with mitmproxy’s command-line tool mitmdump.

See mitmproxy docs for instructions on how to install it. Ubuntu 16.04 “Xenial Xerus” has a package for mitmproxy 0.15 that should be recent enough for HTTPolice.

You will also need to install the integration package (see Installation):

$ pip install mitmproxy-HTTPolice

Usage

To run HTTPolice together with mitmproxy, use a command like this:

$ mitmdump -s "`python -m mitmproxy_httpolice` -o html report.html"

Note the backticks. Also, you can replace mitmdump with mitmproxy if you wish.

-s is mitmproxy’s option that specifies an inline script to run, along with arguments to that script.

python -m mitmproxy_httpolice is a sub-command that prints the path to the script file:

$ python -m mitmproxy_httpolice
/home/vasiliy/.local/lib/python2.7/site-packages/mitmproxy_httpolice.py

-o html tells HTTPolice to produce HTML reports (omit it if you want a plain text report). Finally, report.html is the name of the output file.

Now, mitmproxy/mitmdump starts up as usual. Every exchange that it intercepts is checked by HTTPolice. When you stop mitmdump (Ctrl+C) or exit mitmproxy, HTTPolice writes an HTML report to report.html.

You can use the -s option to silence unwanted notices, just as with the httpolice command-line tool:

$ mitmdump -s "`python -m mitmproxy_httpolice` -s 1089 -s 1194 report.txt"