Mitmproxy based docker application for capturing mobile app traffic sessions

1

I want to build a persistent docker application (a set of microservices) to capture HTTP sessions from mobile apps.

Here is the workflow for a user:

  • User sets up the proxy on their mobile device (sets proxy IP address of the appliance with port)
  • If it is the first time a user has connected to the proxy, the user installs self-generated certificate.
  • When a HTTP request comes into the proxy appliance, the appliance sends the serialized request as whole to a job queue (which puts it into a database).
  • When user has completed their session, they can go to a web portal to review each request and response.
  • If user wants to export a session (a “flow”, a group of request/responses), they can export as a HAR file.

All of this seems pretty straightforward. But, I have a few questions.

  • Obviously I will write a mitm inline script (http://docs.mitmproxy.org/en/v0.17/scripting/inlinescripts.html). Does each request/response object provided in the mitm callback inside my inline script have access to something unique to the client, say a MAC address (so I can tag it in the database)?
  • I’m not familiar enough with HTTP2 to understand whether HTTP multiplexing makes this idea much more complicated than I might imagine. Can anyone comment?

Thanks.

2

Hi there,

A few comments:

  • The short answer to your first question is “no”, there is no way to really uniquely identify a client just from the connection to the proxy (or any other similar server). The closest thing is the client’s IP address, but that’s not unique - multiple clients behind the same gateway might share the same IP, and IP addresses are not constant. Basically, you’d have to work out some other way to identify your clients.
  • HTTP2 doesn’t make the idea noticeably more complex. You’re still faced with the exact same user identification problem as with HTTP1.

Cheers,

Aldo