Inspecting TLS-encrypted traffic with mitmproxy

CSO Online Security

Security / CSO Online Security 27 Views 0

Mitmproxy is a free, open-source device whose killer function is the power to examine Transport Layer Security (TLS)-encrypted cell phone app visitors. The software is superior to Wireshark with regards to analyzing TLS-encrypted network visitors, and its zero-dollar worth level beats out the not-cheap Burp Suite. The only draw back (upside for some) is that mitmproxy is primarily a command line software, in contrast to the swish Burp Suite GUI.

What is that app doing? Who's it speaking to? What info is it accumulating on your telephone or tablet? What about web sites on your laptop? Perhaps you're building your personal app and need to double-check the network visitors is suitably encrypted to adjust to GDPR, CCPA and different regulatory obligations. Perhaps you are a pen tester breaking apps and websites for a dwelling or analyzing IoT system visitors.

For all these use instances, mitmproxy is a high-quality selection. Written in Python, mitmproxy is distributed underneath an open-source license, and so is definitely extensible and scalable in ways that can be unattainable with a proprietary device like Burp Suite.

This is what you must know to get started.