mitmproxy integration for HTTPolice

mitmproxy is an advanced HTTP debugging tool that can intercept TLS-encrypted connections, supports HTTP/2, and many more.

mitmproxy-HTTPolice is an inline script for mitmproxy that will check intercepted exchanges and produce an HTTPolice report. It also works with mitmproxy’s command-line tool mitmdump.

For recent changes in mitmproxy-HTTPolice, see the changelog.

Installation

$ pip install mitmproxy-HTTPolice

If this is giving you trouble, see mitmproxy docs and HTTPolice docs for more detailed instructions.

Note that mitmproxy requires a specific version of Python (mitmproxy 0.17 requires Python 2.7).

Usage

To run HTTPolice together with mitmproxy, use a command like this:

$ mitmdump -s "`python -m mitmproxy_httpolice` -o html report.html"

Note the backticks. Also, you can replace mitmdump with mitmproxy if you wish.

-s is an option for mitmproxy that specifies an inline script to run, along with arguments to that script.

python -m mitmproxy_httpolice is a sub-command that prints the path to the script file:

$ python -m mitmproxy_httpolice
/home/vasiliy/.local/lib/python2.7/site-packages/mitmproxy_httpolice.py

-o html tells HTTPolice to produce HTML reports (omit it if you want a plain text report). Finally, report.html is the name of the output file.

Now, mitmproxy/mitmdump starts up as usual. Every exchange that it intercepts is checked by HTTPolice. When you stop mitmdump (Ctrl+C) or exit mitmproxy, HTTPolice writes an HTML report to report.html.

You can use the -s option to silence unwanted notices, just as with the httpolice command-line tool:

$ mitmdump -s "`python -m mitmproxy_httpolice` -s 1089 -s 1194 report.txt"

mitmproxy/mitmdump itself has many interesting options. One of the more useful features is the ability to dump traffic into a file. If you do this, you can then “replay” it as many times as you wish:

$ mitmdump --wfile flows.dat
$ mitmdump --no-server --read-flows flows.dat \
>     -s "`python -m mitmproxy_httpolice` /dev/stdout"