Five agent modes of Mitmproxy (vi) _mitmproxy

Source: Internet
Author: User
Tags iptables

Mitmproxy commonly known as man-in-the-middle attack artifact, has tamper-proofing function of the agent, support HTTP communication and HTTPS communication, a total of five agent mode.


1, forward proxy (regular proxy) when the default selection mode


is a server located between the client and the original server (Origin server), in order to obtain content from the original server, the client sends a request to the Mitmproxy agent and specifies the target (the original server), and the agent then forwards the request to the original server and returns the obtained content to the client. The client must make some special settings to use the forward proxy.



2. Reverse proxy (reverse proxy) startup parameter-R host


Contrary to the forward proxy, it is like the original server for the client and the client does not need to make any special settings. The client sends a normal request to the Mitmproxy proxy, mitmproxy forwards the request to the specified server, and returns the obtained content to the client, as if the content were originally its own.



3, uplink agent (upstream proxy) Start parameter-u host


Mitmproxy accepts the agent request and forwards all requests unconditionally to the specified upstream proxy server. This is in contrast to the reverse proxy, where Mitmproxy forwards ordinary HTTP requests to the upstream server.



4, transparent proxy (transparent proxy) start parameter-t


When a transparent proxy is used, traffic is redirected to the agent at the network layer without any client configuration required. This makes transparent proxies ideal for situations where client behavior cannot be changed-proxy boring Android apps are a common example.

To set up a transparent proxy, we need two new components. The first is the redirection mechanism, which transparently routes TCP connections for servers on the internet to the listening proxy server. This usually takes the form of a firewall on the same host as the proxy server. For example, iptables under Linux, or PF in OS X, once the client initializes the connection, it makes a normal HTTP request (note that the request is that the client does not know that the proxy exists) and there is no scheme (such as http://or https://) in the request header. There is no host name (such as example.com) how do we know which is the upstream host. The routing mechanism performs a redirect, but retains the original destination address.

Iptable settings

Iptables-t nat-a prerouting-i eth0-p tcp--dport 80-j REDIRECT--to-port 8080 iptables-t nat-a prerouting-i
et H0-p TCP--dport 443-j REDIRECT--to-port 8080

Enable transparent proxy,

Mitmproxy-t


5. SOCKS5 Proxy startup parameter--socks

Proxy Server with SOCKS protocol

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.