Copy and send decrypted HTTPS traffic to specific location

Hello,

Can MITM Proxy send a copy of decrypted HTTPS traffic to particular location (e.g. another Analysis Tool or remote System/IP)?

Thanks!

Hi @leo,

You could use mitmproxy’s scripting interface to send copies of the decrypted data to another system. Is this what you are looking for?

Thanks for the response mhils!

I read through the scripting info on mitmproxy.org and it’s not apparently obvious to me if the API is robust enough to do what I would like (granted, my scripting ability is limited).

Is the API robust enough to send the entire packet to another system after the decryption process?

#PUSH.
I’m quite sure @leo is searching for something like a daemon instance used for analytical purposes, and so am I. I'm thinking of a tiny daemon process which retrieves the same package information as the terminal process, but works quietly in the background, sending its received data to a special server which saves/analyzes the information.

AFAIK there is no daemon existing for mitmproxy, so maybe it could be a feature request?
For analytical reasons this may be extremely interesting.

I am also looking for something very similar.

It would be nice to simply replay the decrypted traffic to snort or anything else for analysis.

It would be great if MITM could actually have the ability to specify the location / IP, but logging to a PCAP would also work.

Hello @Skyline,

I want to do the same thing. I thought I could redirect the data from the content-view files, but I was unable to do it. Which file should I look in to get the data? Or should I use the script?

Create your own script, define a response handler, and put flow.response.get_text(strict=False) wherever you want.
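
The approach from the last reply, written out as an added example (not code from the thread or from the mitmproxy project): a script loaded with `mitmdump -s forward_copy.py` that sends each decrypted request/response pair as one JSON line to a collector. The file name, the `COLLECTOR` address, the JSON layout and the helper names are assumptions. Because the copy is plaintext, the collector should sit on localhost or a trusted, protected link.

```python
# Added example: mitmproxy addon script. Run with: mitmdump -s forward_copy.py
# COLLECTOR, MAX_BODY and the JSON layout are assumptions, not mitmproxy settings.
import json
import socket

COLLECTOR = ("127.0.0.1", 9999)  # hypothetical TCP listener accepting JSON lines
MAX_BODY = 1_000_000             # cap on forwarded body size (characters)


def _message(msg):
    """Headers and decoded body of a mitmproxy request or response object."""
    # get_text(strict=False) never raises on undecodable bodies; it may return None.
    body = msg.get_text(strict=False) or ""
    return {
        "headers": [[k, v] for k, v in msg.headers.items()],
        "body": body[:MAX_BODY],
        "truncated": len(body) > MAX_BODY,
    }


def flow_to_record(flow):
    """Serialize one completed HTTP flow to a single newline-terminated JSON line."""
    record = {
        "method": flow.request.method,
        "url": flow.request.pretty_url,
        "status": flow.response.status_code,
        "request": _message(flow.request),
        "response": _message(flow.response),
    }
    return json.dumps(record).encode("utf-8") + b"\n"


def send_record(line, addr=COLLECTOR, timeout=2.0):
    """Send one record; return False instead of raising so proxying continues."""
    try:
        with socket.create_connection(addr, timeout=timeout) as s:
            s.sendall(line)
        return True
    except OSError:
        return False


def response(flow):
    """mitmproxy hook: called once the full decrypted response is available."""
    send_record(flow_to_record(flow))
```

This forwards HTTP-level content, not packets, so a tool that expects a PCAP needs a separate conversion step.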