I’m trying to look at http traffic leaving my device that is destined for a web proxy (port 8080), that I’m hosting on vps I own.
I’ve tried running using the standard prerouting rule to take port 8080 and redirect it 9090 but mitmproxy doesn’t like it. I get absolute warnings when expecting relative.
I saw a number of years ago there was mode called “–spoof” and the original person who came up with it shared a diagram of what they wanted to achieve and it looks remarkably similar. https://github.com/mitmproxy/mitmproxy/pull/638
The mode was removed not long after it was merged.
Suppose my ask here does mitmproxy have a mode where it will act as the proxy the traffic is destined for?
I think you can use the spoof source address option
Use the client’s IP for server-side connections. Combine with
–upstream-bind-address to spoof a fixed source address. Type bool.
The “–spoof-source-address” is that only used with fully transparent mode?
I’ll give it a go and get back. Thanks for your help
So I tried spoof-source-address and that produced the same error as before about getting relative instead resolute.
I tried running the proxy in regular mode and was able to see http traffic (which is great) I’m also getting https which I don’t care about and would prefer just to let that pass without mitmproxy trying to intercept it and mitm it. Is it possible to completely turn off the ssl mitm functionality? I just want to proxy the connection.
I should also further elaborate on my setup that I’m post NAT from my device that is doing the http proxying over port 8080.
So I’ve been able to use the “ignore” function while running in regular mode to say just proxy all 443, something like ‘^((?!80).)*$’
When trying to run in transparent mode I get an http protocol error, expecting e or r… get, absolute. Is this because I’m post nat?
@mhils any ideas?
Did you take a look at http://docs.mitmproxy.org/en/stable/modes.html? --spoof seems to be entirely unrelated to what you want to achieve if I understand you correctly. You probably just want mitmproxy configured in upstream proxy mode and then redirect traffic to it?
So as traffic is flowing through my box already destined for port 8080, will I need to apply iptables redirect to another port like 9090.
Then my command would look like “mitmproxy -U http://myvpsproxy:8080 -p 9090”.
What if i wanted to do the proxying on behalf of my device instead of passing it to my vpsproxy?