2015-09-06 01:20:58 +00:00
|
|
|
.. _reverseproxy:
|
|
|
|
|
|
|
|
Reverse Proxy
|
|
|
|
=============
|
|
|
|
|
2015-11-02 09:47:14 +00:00
|
|
|
In reverse proxy mode, mitmproxy accepts standard HTTP(S) requests and forwards
|
2015-09-06 01:20:58 +00:00
|
|
|
them to the specified upstream server. This is in contrast to :ref:`upstreamproxy`, in which
|
2015-11-02 09:47:14 +00:00
|
|
|
mitmproxy forwards HTTP(S) proxy requests to an upstream proxy server.
|
2015-09-06 01:20:58 +00:00
|
|
|
|
2016-06-07 02:08:46 +00:00
|
|
|
================== ================================
|
|
|
|
command-line ``-R http[s]://hostname[:port]``
|
|
|
|
================== ================================
|
2015-09-06 01:20:58 +00:00
|
|
|
|
2015-11-02 09:47:14 +00:00
|
|
|
Here, **http[s]** signifies if the proxy should use TLS to connect to the server.
|
2015-09-06 01:20:58 +00:00
|
|
|
mitmproxy always accepts both encrypted and unencrypted requests and transforms
|
|
|
|
them to what the server expects.
|
|
|
|
|
|
|
|
.. code-block:: none
|
|
|
|
|
|
|
|
>>> mitmdump -R https://httpbin.org -p 80
|
|
|
|
>>> curl http://localhost/
|
|
|
|
# requests will be transparently upgraded to TLS by mitmproxy
|
|
|
|
|
|
|
|
>>> mitmdump -R https://httpbin.org -p 443
|
|
|
|
>>> curl https://localhost/
|
|
|
|
# mitmproxy will use TLS on both ends.
|
|
|
|
|
|
|
|
|
|
|
|
Host Header
|
|
|
|
-----------
|
|
|
|
|
2016-09-26 16:37:17 +00:00
|
|
|
In reverse proxy mode, mitmproxy automatically rewrites the Host header to match the
|
|
|
|
upstream server. This allows mitmproxy to easily connect to existing endpoints on the
|
2017-02-22 18:02:16 +00:00
|
|
|
open web (e.g. ``mitmproxy -R https://example.com``). But this behaviour can be
|
|
|
|
be disabled by passing ``--keep-host-header`` on the console.
|
2015-09-06 01:20:58 +00:00
|
|
|
|
2016-09-26 16:37:17 +00:00
|
|
|
However, keep in mind that absolute URLs within the returned document or HTTP redirects will
|
|
|
|
NOT be rewritten by mitmproxy. This means that if you click on a link for "http://example.com"
|
|
|
|
in the returned web page, you will be taken directly to that URL, bypassing mitmproxy.
|
2015-09-06 01:20:58 +00:00
|
|
|
|
2016-09-26 16:37:17 +00:00
|
|
|
One possible way to address this is to modify the hosts file of your OS so that "example.com"
|
|
|
|
resolves to your proxy's IP, and then access the proxy by going directly to example.com.
|
2017-02-22 18:02:16 +00:00
|
|
|
Make sure that your proxy can still resolve the original IP, or specify an IP in mitmproxy.
|