TL;DR - How can I clear the session in MITMWeb without user interaction?
I’m attempting to programatically clear sessions in MITMWeb to manage running memory usage, either through a script/add-on (which don’t sound like are working in MITMWeb yet), a shell command, or an API call to the web interface. I need to do this so MITMWeb can capture traffic and display it in the web interface, but clear the screen when it needs to free up memory.
In the UI, this is accomplished by clicking “mitmproxy --> new” and clicking OK on the popup, but I’m unable to find a way for something other than the user to trigger this (in my case, the Docker container will sense it needs to clear memory with a health check and trigger the command to clear screen).
So far, I’ve been able to inspect the API POST for the “clear” command, but it seems to be checking that the request originated from the web (http://:8081/clear?_xsrf=2|53adbe93|38e2d80bf2518464244af0d73afd0442|1528152407). Making this API Call from curl generates the following log:
WARNING:tornado.general:403 POST /clear?_xsrf=2|53adbe93|38e2d80bf2518464244af0d73afd0442|1528152407 (192.168.13.234): XSRF cookie does not match POST argument WARNING:tornado.access:403 POST /clear?_xsrf=2|53adbe93|38e2d80bf2518464244af0d73afd0442|1528152407 (192.168.13.234) 0.96ms
Is there something I’m missing here? Some sort of way to format the request to get it accepted? The last-resort option is to kill and restart MITMWeb, but we’ll lose packets while it starts up again even with the “append to file” option.