Mitmproxy:

Max Greenwald
Sep 6, 2015 · 19 min read

Your D.I.Y. Private Eye

Part 1/2: How To Install A Free Tool To Catch Companies Collecting Data About You Without Your Consent

An illustration from Lifehacker.com

How Mitmproxy Works

The way Mitmproxy works is by sitting in the middle of the connection between your phone or computer, and the internet at large. Checkout this nice diagram made by Phillip Heckel on his blog post on Mitmproxy.

The communication route for how Mitmproxy intercepts traffic
A typical Mitmproxy capture session

Mitmproxy Set Up Process — Installation and Computer/Phone Environments

1. Installation:

*Continue if you have a Mac Computer or skip to the Linux Computer section*

A blank Mitmproxy screen
A blank Mitmproxy screen

2. Computer Environment Setup:

We now have Mitmproxy installed on our computer. Mitmproxy can now see 1 of 2 of the types of channels we want to see: HTTP. To enable our computer to trust Mitmproxy enough to allow it see HTTPS connections we need to install a certificate. First type into Terminal/Konsole,

What you should see on mitm.it
What a certificate looks like if on your desktop
A typical Firefox browser on launch
Advanced settings for Firefox
Mitmproxy capturing HTTP and HTTPS packets
A picture of what you should see when quitting Mitmproxy
How to reset your Firefox settings to browse normally
A typical Chrome Settings page
Changing proxy settings on Chrome via Network Settings for Mac
Mitmproxy capturing HTTP and HTTPS packets via Chrome
A picture of what you should see when quitting Mitmproxy

3. Phone Environment Setup:

Now we will do a similar process for your phone so Mitmproxy can record the behind the scenes stuff from your mobile applications. We need to set up a certificate on the phone and then configure the phone to send information to your computer where Mitmproxy is living.

What a certificate looks like if on your desktop
Network Settings on Mac with the red box indicating a typical IP Address
Changing the HTTP Proxy Settings on your iPhone Wi-Fi network to direct traffic to Mitmproxy with your computer’s IP Address
Screenshots from the Mail app on iPhone to download Mitmproxy certificate on your phone
What you should see on mitm.it on mobile
Mitmproxy capturing HTTP and HTTPS packets from an iPhone
Screenshots from Network Settings on Android to direct traffic to Mitmproxy on your computer’s IP Address
Screenshots from Network Settings on Android to direct traffic to Mitmproxy on your computer’s IP Address
Screenshots from the Mail app on Android to download Mitmproxy certificate on your phone
Screenshots from Network Settings on Android to direct traffic to Mitmproxy on your computer’s IP Address
Mitmproxy capturing HTTP and HTTPS packets on your computer from your Android Phone
Mitmproxy capturing HTTP and HTTPS packets on your computer from Ethernet from your Android Phone

Conclusion

Congratulations on completing your setup of Mitmproxy! Now that you have that headache out of the way it will only take you 30 seconds to boot up Mitmproxy to work on your computer or phone. Remember to configure your browser settings on your computer to local host and your HTTP proxy settings on your phone to point to your computer’s IP address. Simply change them back to revert back to normal functionality.

Max’s Blog

Thoughts and musings on my favorite topics: (1) Macro…

Max’s Blog

Thoughts and musings on my favorite topics: (1) Macro: Global Trends (2) Micro: Tech, Business & Products (3) Cybersecurity (4) Life & Travel

Max Greenwald

Written by

Founder @ Warmly, (getwarmly.com), xPM @ Google, Founder @ IgniteSTEM (IgniteSTEM.org). Always trying to grow.

Max’s Blog

Thoughts and musings on my favorite topics: (1) Macro: Global Trends (2) Micro: Tech, Business & Products (3) Cybersecurity (4) Life & Travel