2014-01-27 01:16:23 +00:00
|
|
|
|
|
|
|
In reverse proxy mode, mitmproxy accepts standard HTTP requests and forwards
|
2014-03-13 23:02:00 +00:00
|
|
|
them to the specified upstream server. This is in contrast to
|
|
|
|
<a href="@!urlTo("upstreamproxy.html")!@">upstream proxy mode</a>, in which
|
|
|
|
mitmproxy forwards HTTP proxy requests to an upstream proxy server.
|
2014-01-27 01:16:23 +00:00
|
|
|
|
|
|
|
<table class="table">
|
|
|
|
<tbody>
|
|
|
|
<tr>
|
2015-08-30 11:40:23 +00:00
|
|
|
<th width="20%">command-line</th> <td>-R <i>scheme</i>://hostname[:port]</td>
|
2014-01-27 01:16:23 +00:00
|
|
|
</tr>
|
|
|
|
</tbody>
|
|
|
|
</table>
|
2014-10-23 03:13:03 +00:00
|
|
|
|
2015-08-30 11:40:23 +00:00
|
|
|
Here, **scheme** signifies if the proxy should use TLS to connect to the server.
|
|
|
|
mitmproxy accepts both encrypted and unencrypted requests and transforms them to what the server
|
|
|
|
expects.
|
2014-10-23 03:13:03 +00:00
|
|
|
|
2015-08-30 11:40:23 +00:00
|
|
|
mitmdump -R https://httpbin.org -p 80
|
|
|
|
mitmdump -R https://httpbin.org -p 443
|
2014-10-23 03:13:03 +00:00
|
|
|
|
|
|
|
|
2014-12-08 23:01:01 +00:00
|
|
|
### Host Header
|
|
|
|
|
|
|
|
In reverse proxy mode, mitmproxy does not rewrite the host header. While often useful, this
|
|
|
|
may lead to issues with public web servers. For example, consider the following scenario:
|
|
|
|
|
|
|
|
$ python mitmdump -d -R http://example.com/ &
|
|
|
|
$ curl http://localhost:8080/
|
|
|
|
|
|
|
|
>> GET https://example.com/
|
|
|
|
Host: localhost:8080
|
|
|
|
User-Agent: curl/7.35.0
|
|
|
|
[...]
|
|
|
|
|
|
|
|
<< 404 Not Found 345B
|
|
|
|
|
|
|
|
Since the Host header doesn't match <samp>example.com</samp>, an error is returned.<br>
|
|
|
|
There are two ways to solve this:
|
|
|
|
<ol>
|
|
|
|
<li>Modify the hosts file of your OS so that example.com resolves to 127.0.0.1.</li>
|
|
|
|
<li>
|
|
|
|
Instruct mitmproxy to rewrite the host header by passing <kbd>‑‑setheader :~q:Host:example.com</kbd>.
|
|
|
|
However, keep in mind that absolute URLs within the returned document or HTTP redirects will cause the client application
|
|
|
|
to bypass the proxy.
|
|
|
|
</li>
|
|
|
|
</ol>
|