Inspecting TLS-encrypted traffic with mitmproxy

The free, open-source mitmproxy tool makes it easy to inspect TLS-encrypted app and web traffic to see exactly who your phone is talking to.


Mitmproxy is a free, open-source tool whose killer feature is the ability to inspect Transport Layer Security (TLS)-encrypted mobile phone app traffic. The tool is superior to Wireshark when it comes to examining TLS-encrypted network traffic, and its zero-dollar price point beats out the not-cheap Burp Suite. The only downside (upside for some) is that mitmproxy is primarily a command-line tool, unlike Burp Suite with its swish GUI.

What is that app doing? Who is it talking to? What information is it collecting on your phone or tablet? What about websites on your laptop? Maybe you're building your own app and want to double-check the network traffic is suitably encrypted to comply with GDPR, CCPA and other regulatory obligations. Maybe you're a pen tester breaking apps and websites for a living or examining IoT device traffic.

For all these use cases, mitmproxy is a fine choice. Written in Python, mitmproxy is distributed under an open-source license, and so is easily extensible and scalable in ways that would be impossible with a proprietary tool like Burp Suite.

Here's what you need to know to get started.

Mitmproxy for apps
