SecurityOnline: mitmproxy v10.0 releases: An interactive TLS-capable intercepting HTTP proxy https://securityonline.info/mitmproxy/ #WebVulnerabilityAnalysis #mitmproxy

Any #OpenWRT #Firewall experts here? I'd like to learn #NetFilter properly, I think.

I am trying to set up a transparent proxy on a VM to analyse traffic from other VMs.

https://forum.openwrt.org/t/transparent-proxying-and-nftables

#iptables #firewall #proxy #mitmproxy

In case anyone is trying to get a root certificate to work on Android 11 (for analysing traffic with eg. #mitmproxy):

This now seems to be the only working solution (except using #Magisk).
https://gist.github.com/pwlin/8a0d01e6428b7a96e2eb?permalink_comment_id=3499340#gistcomment-3499340

#WorkedForMe

Later in that thread someone describes how it is possible to install the certificate permanently in the android system using #TWRP.

since certain (cough) sites harden examing their network traffic in the chrome*and*firefox developer tools by means of some sort of targeted scripted ressource exhaustion, #mitmproxy came on screen again. great tool for intercepting https traffic, python, reasonably performant even on lower end hardware

Cosmic mitmproxy https://github.polettix.it/ETOOBUSY/2023/04/04/cosmic-mitmproxy/ #mitm #security #mitmproxy

I purchased ProxyMan for my Mac with their generous student discount because it's cheaper than Burp Suite, and I can't/don't use my work licenses for self-directed research and academia.

It's nice. The UI/UX is intuitive and macOS-like, making it stand out for me against the likes of mitmproxy, Burp, and ZAP. It took a handful of straightforward in-app clicks to set the system proxy, trust their root CA certificate for specific domains, and pass-thru everything else.

My license also unlocked premium features for their mobile app, which I just learned of but am now interested in checking out. I'm glad there's still room for competition in the MITM space.

Published a blog on a my experience with #mitmproxy new #wireguard functionally. It helped me to quickly find an insecure S3 bucket being used by one of the apps I use on my iPhone. Check it out:
https://underfl0w.com/mitmproxy-iphone-quickly-discovered-insecure-endpoints/
#security #hacking #bugbounty

#TIL about #mitmproxy, interactive HTTPS proxy

https://mitmproxy.org/

Does anyone know how agent-based #proxy systems work? I mean where you have an agent running on your #Windows desktop, and it monitors connections being made, and then forces the client to connect to a local proxy agent listening on a port on the desktop? Thinks like GTB or Umbrella SWG?

These things will listen on a port. If you open your browser and make a connection, they will either skip the connection (based on rules) in which case the browser connects normally. Or if the agent does not "skip" your browser will be forced to connect to a port on the local agent instead. The local agent then makes the connection to the real website.

I don't quite get where they hook in for redirect that connection. Is that within the OS?

#cisco #umbrella #mitmproxy

Shout-out to #mitmproxy. It does not only have a great terminal UI, but also the docs are awesome.

Took me around 10 minutes from installation to intercepting API requests of an Android App on a rooted device.

My work sometimes require a bit of Linux-based operations, particularly with tcpdump, tshark and openssl (in future maybe mitmproxy).

So I'm incredibly lucky to have this exceptional zine by @b0rk for free (thanks to ENUSEC 2021 contest) which saved me a lot of googling, and simply it's a very nice looking tutorial :ablobcathappypaws:

#mitmproxy #Tech #Linux #FOSS #FreeSoftware #Programming #Network

I'm using #mitmproxy / mitmdump with some custom scripts to mess with cookies.

But after a few hours of running, it always runs out of file descriptors and requests start to fail, so I have to kill the process and start it again.

Seeing as #rustlang is the epitome of stability, I was wondering if there is an equivalent tool that fulfills the same needs. That is, a proxy with which I can manipulate requests and their responses on their way out/in.

KTHXBAI

#Mitmproxy 9 is here and the new #WireGuard mode is huge! Makes #debugging on mobile devices a whole lot easier.

https://mitmproxy.org/posts/releases/mitmproxy9/

@lucius @Fritange Là comme ça #mitmproxy ne servira pas à grand chose.
Je dirais plutôt #afwall+, en bloquant les apps une à une et en regardant qui tag dessus !

Unheimlich, mal live zu sehen, wie oft ein normales Android im unbenutzten Zustand an Google telefoniert. #mitmproxy

Si vous aimez voir ce que vos apps préférées partage comme données Privacy International à rendu public son toolkit pour analyser des applications sous Android (d'une façon un peu différente de @exodus ): https://privacyinternational.org/node/2732

#VM et #mitmproxy au programme, y'a de quoi s'amuser.