api-mitmproxy

Solid

Interactive HTTPS proxy for API security testing with traffic interception, modification, and replay capabilities. Supports HTTP/1, HTTP/2, HTTP/3, WebSockets, and TLS-protected protocols. Includes Python scripting API for automation and multiple interfaces (console, web, CLI). Use when: (1) Intercepting and analyzing API traffic for security testing, (2) Modifying HTTP/HTTPS requests and responses to test API behavior, (3) Recording and replaying API traffic for testing, (4) Debugging mobile app or thick client API communications, (5) Automating API security tests with Python scripts, (6) Exporting traffic in HAR format for analysis.

API & Backend 335 stars 29 forks Updated today

Install

View on GitHub

Quality Score: 85/100

Stars 20%
84
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
80
License 10%
0
Description 5%
100

Skill Content

# mitmproxy API Security Testing ## Overview mitmproxy is an interactive, TLS-capable intercepting HTTP proxy for penetration testers and developers. It enables real-time inspection, modification, and replay of HTTP/HTTPS traffic including APIs, mobile apps, and thick clients. With support for HTTP/1, HTTP/2, HTTP/3, and WebSockets, mitmproxy provides comprehensive coverage for modern API security testing. ## Interfaces **mitmproxy** - Interactive console interface with keyboard navigation **mitmweb** - Web-based GUI for visual traffic inspection **mitmdump** - Command-line tool for automated traffic capture and scripting ## Quick Start Install and run mitmproxy: ```bash # Install via pip pip install mitmproxy # Start interactive console proxy mitmproxy # Start web interface (default: http://127.0.0.1:8081) mitmweb # Start command-line proxy with output mitmdump -w traffic.flow ``` Configure client to use proxy (default: localhost:8080) ## Core Workflows ### Workflow 1: Interactive API Traffic Inspection For manual API security testing and analysis: 1. Start mitmproxy or mitmweb: ```bash # Console interface mitmproxy --mode regular --listen-host 0.0.0.0 --listen-port 8080 # Or web interface mitmweb --mode regular --listen-host 0.0.0.0 --listen-port 8080 ``` 2. Configure target application to use proxy (HTTP: localhost:8080) 3. Install mitmproxy CA certificate on client device 4. Trigger API requests from the application 5. Intercept and inspe...

Details

Author
aiskillstore
Repository
aiskillstore/marketplace
Created
5 months ago
Last Updated
today
Language
Python
License
None

Integrates with

WebSocket · API

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

proxy-server

Expert skill for proxy server implementation, configuration, and traffic interception

1,160 Updated today
a5c-ai
AI & Automation Featured

intercepting-mobile-traffic-with-burpsuite

Intercepts and analyzes HTTP/HTTPS traffic from mobile applications using Burp Suite proxy to identify insecure API communications, authentication flaws, data leakage, and server-side vulnerabilities. Use when performing mobile application penetration testing, assessing API security, or evaluating client-server communication patterns. Activates for requests involving mobile traffic interception, Burp Suite mobile proxy, API security testing, or mobile HTTPS analysis.

13,115 Updated today
mukul975
AI & Automation Featured

conducting-man-in-the-middle-attack-simulation

Simulates man-in-the-middle attacks using Ettercap, mitmproxy, and Bettercap in authorized environments to intercept, analyze, and modify network traffic for testing encryption enforcement, certificate validation, and detection capabilities.

13,115 Updated today
mukul975
API & Backend Featured

conducting-api-security-testing

Conducts security testing of REST, GraphQL, and gRPC APIs to identify vulnerabilities in authentication, authorization, rate limiting, input validation, and business logic. The tester uses the OWASP API Security Top 10 as the testing framework, combining Burp Suite interception with Postman collections and custom scripts to test endpoint security at every privilege level. Activates for requests involving API security testing, REST API pentest, GraphQL security assessment, or API vulnerability testing.

13,115 Updated today
mukul975
DevOps & Infrastructure Solid

ghost-proxy

Starts and controls the reaper MITM proxy to capture, inspect, search, and replay HTTP/HTTPS traffic between clients and servers. Capabilities include starting/stopping the proxy scoped to specific domains, viewing captured request/response logs, searching traffic by method/path/status/host, and inspecting full raw HTTP entries for security analysis. Use when the user asks to "start the proxy", "capture traffic", "intercept requests", "inspect HTTP traffic", "search captured requests", or "view request/response".

383 Updated 2 months ago
ghostsecurity