MITM Proxy Server


#1

I wanted to create a server that will be able to capture user data though a proxy.
Seeing that mitmproxy has a community I thought this would be a great place to find help.

Some noob-ish questions:
How do I create a proxy server? I know that it is a broad question but I have wasted 2 hours on google trying to answer it myself, but there is no good answer.
Is it possible to incorporate mitmproxy to it, being that is already well made.
If a user is just pointed to the proxy dose it need to install additional certificates to pass though other sensitive information? if not what kind of data can be passed though?


#2

A proxy server is a computer running proxy software. So if you setup a ubuntu system and installed mitmproxy on it, then it would be a proxy server.

When mitmproxy runs on that computer, it listens to traffic on a specific port, say 8080. Your clients have to change their networking settings to divert all their network communication in a given protocol to your computer running mitmproxy on the specific port.

By sensitive information, I believe you mean the SSL traffic. They do not have to install any special certificates for the proxy computer to work, but in order for the proxy server to be able to see their sensitive traffic, each client needs to install and trust the mitmproxy certificate as a root certificate.

This is very high level, but it should give you a start.

Matt