My question is, is there a way to store traffic in pcap format, and if not what is the best option to log post data?
With option -w/-a all html traffic is logged, we can replay it with mitmdump but my aim is only at filtering sensitive logged data from post requests. Is the only alternative to write a script for that?
I would just use Wireshark next to mitmproxy for that. mitmproxy can log TLS master secrets so that Wireshark can decrypt TLS packets.
By filtering, you mean “only store/save/persist flows which are POST requests”? The first thing you can do is only save flows that match a certain pattern, e.g. by using mitmdump’s filter argument: mitmdump -w dump.mitm '~m POST' (or mitmdump -r dump.mitm -w dump-filtered.mitm '~m POST'. Depending on how small you want things to become, you can also delete the corresponding response or only the response body.
Yeah thanks Maximilian, also i just read that objects are dumped thanks to tnetstrings. My purpose is just to save headers in order to minimize log files, i think ~m [post|get] ~h will do the trick for post and get requests/responses.
You are misunderstanding filters here. We are always saving full flows, you can just filter which ones are saved based on a header value. This will not limit the dump file to headers only.