Loop decrypted traffic through an external gateway

Routed or transparent doesn’t matter, just want the decrypted traffic to pass through an external device before it’s encrypted and sent away to it’s destination.

Sending a copy of the traffic will not work, need to have control over the session.

Is this possible with mitmproxy?


Not sure if I understand your question entirely, but if you want your mitmproxy traffic to pass through a specific device after passing mitmproxy, I see two options:

  1. If the device runs a HTTP proxy as well, you can use our upstream proxy mode.
  2. If you just want to have the packets pass through the host, this is not really a mitmproxy issue - you want to use iptables for this. :slight_smile:

Thanks for your prompt response.

I have a network device that can do deep scanning of protocols and applications. It can enforce policies, scan for malicious content, generate reports and more. However, it can’t do MITM on SSL.

So in one way or another I would like to send the decrypted SSL traffic from mitmproxy through this device. If it’s supported by mitmproxy or if it can be sorted with iptables and PBR doesn’t really matter.

The external network device can do all kind of advanced routing and also operate in transparent mode if necessary. Only thing needed is to get the decrypted traffic out from the machine running mitmproxy and I can make sure it’s routed back after passing thought my external network device.

There are commercial products doing this but they’re all quite expensive.