INTRO

You can say that it is a part two of “intercept traffic of android phone with PC(Linux)”. Today’s topic is Mitmweb. we will know how to use it to intercept (HTTP/HTTPS) traffic for our Kali Linux. it is a tool of Mitmproxy. its developer also provides us with very beautiful documentation.

Mitmwb has a user-friendly web interface. it gives users a better experience than the burpsuite. But it is not a powerful tool as burpsuite. but when it comes only to capture traffic, it is best Web-Framework.

you can even customise Mitmweb to capture traffic according to you. for example, you can choose the port on which you want to get the whole capture data. But before starting this tutorial, I would like to suggest some of my previous articles so you may understand it easily.

1.ProxyBroker

2. keep your system safe with TOR

3. Intercept all the android traffic with Burpsuite

The third one is the most important to read. and for the other ones, it is your own choice if you want to read it or not.

 

STEPS

The process of Mitmweb tool is the same as burpsuite. If you don’t have Kali Linux, you will need to manually install it. and the best thing about this framework is that it is available for every Operating System.

For Windows:

If your Mitmproxy addons require the installation of additional Python packages, you can install Mitmproxy from PyPI.

While there are plenty of options around1, we recommend the installation using pipx:

  1. Install a recent version of Python (we require at least 3.6).
  2. Install pipx.
  3. pipx install mitmproxy

For Mac:

brew install mitmproxy

well, I know many of us don’t use Mac. we are not that rich. But, whatever, here is the command.

For Linux:

Download the binaries from here: https://mitmproxy.org/

That’s all for the installation. now we can start on the working of the tool.

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

First of all, we will need to set up a certificate in the browser, whose data traffic will be captured in Mitmweb.

  1. go to the ~./mitmproxy/ dir.
  2. you will see some certificates there. now copy the mitmproxy-ca-cert.cer certificate with this command:
cp mitmproxy-ca-cert.cer /root/Desktop

Note– you can also use the mitmproxy-ca-cert.pem certificate, in case you are using android.

3. Now, we will run the tool with this command:

mitmweb

4. After that, we will get the web-panel and proxy server. its default web-panel opens at http://127.0.0.1:8081. and the proxy server starts at port 8080.

5. now we have to add the proxy into the browser. for example, we can use Mozilla Firefox because it comes pre-installed in Kali Linx. go to setting> search >proxy. and add the proxy as shown below:

6. If you remember in the second step, I have mentioned about the certificate. we will install it in Browser.

go to Setting> search > view certificates. and import the previous certificate that we copied in the second step:

7. now you are good to go. now we can use it. just go to some website in the browser. and you will be able to see its request and response in the web panel of Mitmweb. use this URL:

http://127.0.0.1:8080

you can play with it and know more about it.

if you want to use it to receive traffic from the android phone, you can visit our previous article. I haven’t used this tool in that article but the setup of the proxy is the same.

 

 

Stay home, stay safe and keep reading our articles.

Thanks For Visiting.

LEAVE A REPLY

Please enter your comment!
Please enter your name here