I am running man in the middle targeting traffic coming from an iPhone app and it seemed to be catching most of my traffic. While running this I am also running a tcpdump to capture more data coming from just the phone. When looking at the tcpdump data I notice that there are multiple HTTP requests listed that aren’t picked up by MITM but are going through the proxy’s port. Any ideas why this would be happening?
If it goes through mitmproxy it should definitely appear in the UI. The only exception to that are CONNECT requests in regular mode, which are part of the HTTP proxy protocol and are not forwarded to the destination server. Or if you enabled the TCP mode. If you encounter other behaviour, I’d love to see a concise PCAP/mitmproxy dump file!
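To check a capture against the reply above, the following added example (not code from the thread or from mitmproxy) sorts the plaintext requests a client sent to the proxy port into CONNECT tunnel setups and absolute-form requests that a regular-mode proxy forwards. The sample streams, host names and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample: client-to-proxy bytes per TCP stream, as reassembled
# from a capture on the proxy port. Hosts and paths are made up.
SAMPLE_STREAMS = [
    b"CONNECT api.example.com:443 HTTP/1.1\r\nHost: api.example.com:443\r\n\r\n\x16\x03\x01\x02\x00",
    b"GET http://cdn.example.com/logo.png HTTP/1.1\r\nHost: cdn.example.com\r\n\r\n",
    b"CONNECT push.example.net:5223 HTTP/1.1\r\nHost: push.example.net:5223\r\n\r\n",
    b"POST http://metrics.example.org/v1/event HTTP/1.1\r\n"
    b"Host: metrics.example.org\r\nContent-Length: 2\r\n\r\n{}",
]


def classify(stream: bytes):
    """Return (kind, method, target) for the first request on a stream."""
    head, sep, _ = stream.partition(b"\r\n\r\n")
    if not sep:
        return ("no-http-head", "", "")  # e.g. raw TLS or a truncated capture
    request_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("no-http-head", "", "")
    method, target, _version = parts
    if method == "CONNECT":
        # Proxy-protocol message: asks the proxy to open a tunnel to
        # host:port. It is answered by the proxy, not sent to the server.
        return ("tunnel-setup", method, target)
    if target.lower().startswith(("http://", "https://")):
        # Absolute-form target: a request the proxy forwards upstream.
        return ("proxied-request", method, target)
    # Origin-form target ("/path"): not addressed to an explicit proxy.
    return ("origin-form", method, target)


def summarize(streams):
    """Count how many streams fall into each category."""
    return dict(Counter(classify(s)[0] for s in streams))


if __name__ == "__main__":
    for s in SAMPLE_STREAMS:
        print(*classify(s))
    print(summarize(SAMPLE_STREAMS))
```
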
Thank you for the reply! This makes sense and I have confirmed all the requests I’m not seeing in the MITM dump file are HTTP CONNECT requests. I’ve now been trying to configure the transparent proxy but when I run the command I am getting a bunch of logs telling me “Transparent mode failure: RuntimeError(‘Could not resolve original destination.’,)”. I’ve followed the steps listed here: http://docs.mitmproxy.org/en/stable/transparent/osx.html and am not having any luck.
You’re probably holding it wrong. Take a look at http://docs.mitmproxy.org/en/stable/modes.html.