mitmproxy integration for HTTPolice

mitmproxy is an advanced HTTP debugging tool that can intercept TLS-encrypted connections, supports HTTP/2, and many more.

mitmproxy-HTTPolice is an inline script for mitmproxy that will check intercepted exchanges and produce an HTTPolice report. It also works with mitmproxy’s command-line tool mitmdump.

For recent changes in mitmproxy-HTTPolice, see the changelog.

Installation

Do this in a Python 3.5+ environment:

$ pip3 install mitmproxy-HTTPolice

If this is giving you trouble, see mitmproxy docs and HTTPolice docs for more detailed instructions.

Note

Do not use mitmproxy’s pre-built self-contained binaries. mitmproxy and HTTPolice need to live in the same Python environment, and this is only possible if you install mitmproxy from source via pip. See the “Installation from Source” sections in mitmproxy docs.

Usage

To run HTTPolice together with mitmproxy, use a command like this:

$ mitmdump -s "`python3 -m mitmproxy_httpolice` -o html report.html"

Note the backticks. Also, you can replace mitmdump with mitmproxy if you wish.

-s is an option for mitmproxy that specifies an inline script to run, along with arguments to that script.

python3 -m mitmproxy_httpolice is a sub-command that prints the path to the script file:

$ python3 -m mitmproxy_httpolice
/home/vasiliy/.local/lib/python3.5/site-packages/mitmproxy_httpolice.py

-o html tells HTTPolice to produce HTML reports (omit it if you want a plain text report). Finally, report.html is the name of the output file.

Now, mitmproxy/mitmdump starts up as usual. Every exchange that it intercepts is checked by HTTPolice. When you stop mitmdump (Ctrl+C) or exit mitmproxy, HTTPolice writes an HTML report to report.html.

You can use the -s option to silence unwanted notices, just as with the httpolice command-line tool:

$ mitmdump -s "`python3 -m mitmproxy_httpolice` -s 1089 -s 1194 report.txt"

mitmproxy/mitmdump itself has many interesting options. One of the more useful features is the ability to dump traffic into a file. If you do this, you can then “replay” it as many times as you wish:

$ mitmdump --wfile flows.dat
$ mitmdump --no-server --read-flows flows.dat \
>     -s "`python3 -m mitmproxy_httpolice` /dev/stdout"