Five agent modes of Mitmproxy (vi) _mitmproxy

Mitmproxy commonly known as man-in-the-middle attack artifact, has tamper-proofing function of the agent, support HTTP communication and HTTPS communication, a total of five agent mode.

1, forward proxy (regular proxy) when the default selection mode

is a server located between the client and the original server (Origin server), in order to obtain content from the original server, the client sends a request to the Mitmproxy agent and specifies the target (the original server), and the agent then forwards the request to the original server and returns the obtained content to the client. The client must make some special settings to use the forward proxy.

2. Reverse proxy (reverse proxy) startup parameter-R host

Contrary to the forward proxy, it is like the original server for the client and the client does not need to make any special settings. The client sends a normal request to the Mitmproxy proxy, mitmproxy forwards the request to the specified server, and returns the obtained content to the client, as if the content were originally its own.

3, uplink agent (upstream proxy) Start parameter-u host

Mitmproxy accepts the agent request and forwards all requests unconditionally to the specified upstream proxy server. This is in contrast to the reverse proxy, where Mitmproxy forwards ordinary HTTP requests to the upstream server.

4, transparent proxy (transparent proxy) start parameter-t

When a transparent proxy is used, traffic is redirected to the agent at the network layer without any client configuration required. This makes transparent proxies ideal for situations where client behavior cannot be changed-proxy boring Android apps are a common example.

To set up a transparent proxy, we need two new components. The first is the redirection mechanism, which transparently routes TCP connections for servers on the internet to the listening proxy server. This usually takes the form of a firewall on the same host as the proxy server. For example, iptables under Linux, or PF in OS X, once the client initializes the connection, it makes a normal HTTP request (note that the request is that the client does not know that the proxy exists) and there is no scheme (such as http://or https://) in the request header. There is no host name (such as example.com) how do we know which is the upstream host. The routing mechanism performs a redirect, but retains the original destination address.

Iptable settings

Iptables-t nat-a prerouting-i eth0-p tcp--dport 80-j REDIRECT--to-port 8080 iptables-t nat-a prerouting-i
et H0-p TCP--dport 443-j REDIRECT--to-port 8080

Enable transparent proxy,

Mitmproxy-t

5. SOCKS5 Proxy startup parameter--socks

Proxy Server with SOCKS protocol