Synopsis

With mitmproxy it is possible to inspect the HTTP traffic of live applications. This is useful for reverse-engineering APIs, among other purposes. Proxychains allows you to run an application through a proxy even if the application doesn't directly support proxies. It doesn't work for every application you might try, but it's still quite handy.

Demonstration

asciinema recording

Automate the process further

mitm

#!/bin/bash
# mitm: start mitmproxy on port 8555, then run the given command through it.
export TTY

# Log this invocation in the background. `hs` is assumed to be the author's own
# shell-history helper; it is not defined on this page.
( hs "$(basename "$0")" "$@" "#" "<==" "$(ps -o comm= "$PPID")" 0</dev/null ) &>/dev/null

# `sps` is assumed to be a helper that launches a program in a separate pane/window,
# so mitmproxy's UI does not share this terminal with the proxied command.
sps mitmproxy -p 8555
sleep 1   # give mitmproxy a moment to bind the port before the client connects
mitmproxify "$@"

Where does dman get its man pages from?

mitm dman ifconfig

asciinema recording

Where does youtube-dl get its videos?

youtube-dl --no-check-certificate --proxy=localhost:8555 --ignore-errors -f 251 'https://www.youtube.com/watch?v=qmN4jzEr7TE'

mitmproxy -p 8555

asciinema recording

Configure proxychains4

proxychains-mitm.conf

# proxychains.conf  VER 4

strict_chain
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
# loopback connections are made directly, not through the chain
localnet 127.0.0.0/255.0.0.0
[ProxyList]
http 	127.0.0.1 8555

Create the mitmproxify script

#!/bin/bash

# $NOTES is assumed to point at the author's notes directory; the path is quoted
# so that it survives spaces in that directory name.
proxychains4 -f "$NOTES/ws/proxychains/configs/proxychains-mitm.conf" "$@"

Silence proxychains output with a wrapper script

proxychains4

#!/bin/bash
# Wrapper named proxychains4; it shadows the real binary only if its directory
# comes before /usr/bin in PATH.

export PROXYCHAINS_QUIET_MODE=1
/usr/bin/proxychains4 "$@"

Start mitmproxy

mitmproxy -p 8555

mitmproxify /usr/bin/elinks
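To answer the "where does this program get its data from" question without reading every flow by hand, a mitmproxy addon can tally the hosts each proxied command contacts. This is an added example, not code from the page; the file name egress_audit.py is an assumption, and the addon is loaded with `mitmproxy -p 8555 -s egress_audit.py` before running a program via mitmproxify.

```python
#!/usr/bin/env python3
"""Added example: a mitmproxy addon that tallies which hosts a proxied
program talks to. Load it with `mitmproxy -p 8555 -s egress_audit.py`
(the script name is an assumption) and run the program via mitmproxify.
The class needs no mitmproxy import: mitmproxy passes in flow objects."""
from collections import Counter, defaultdict


class EgressAudit:
    """Records scheme/host/port, distinct paths and status codes per host."""

    def __init__(self):
        self.hosts = Counter()          # (scheme, host, port) -> request count
        self.paths = defaultdict(set)   # host -> distinct request paths (no query)
        self.statuses = Counter()       # (host, status_code) -> count

    def request(self, flow):
        # mitmproxy calls this for every client request passing through the proxy.
        req = flow.request
        self.hosts[(req.scheme, req.pretty_host, req.port)] += 1
        self.paths[req.pretty_host].add(req.path.split("?", 1)[0])

    def response(self, flow):
        # Called once the server has answered; flow.response is None if it never did.
        if flow.response is not None:
            self.statuses[(flow.request.pretty_host, flow.response.status_code)] += 1

    def report(self):
        """Return report lines sorted by request count, most-contacted host first."""
        lines = []
        for (scheme, host, port), n in self.hosts.most_common():
            lines.append(f"{n:5d}  {scheme}://{host}:{port}  "
                         f"({len(self.paths[host])} distinct paths)")
        return lines

    def done(self):
        # mitmproxy calls done() on shutdown; print the summary at that point.
        for line in self.report():
            print(line)


addons = [EgressAudit()]
```

The interactive mitmproxy UI captures the script's output in its event log; run it under `mitmdump -p 8555 -s egress_audit.py` instead to see the summary printed on exit.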