Hacker News new | ask | show | jobs
by bitexploder 3131 days ago
Don't forget mitmdump. It is a great way to log sessions and chain to other proxies at the same time.

Also, mitmdump is one of the best and fastest ways to get ahold of web requests with Python to modify it on the fly.

http://docs.mitmproxy.org/en/stable/mitmdump.html

I have been using mitmproxy over Burp for day to day web app hacking these days. But we still use Burp scanner for lots of chores. I almost always chain through both to then go back in and use Burp features missing in mitmproxy (exploring site contents, etc.). But those are edge cases mostly needed for professional use and not for tinkering.
1 comments
nopcode 3131 days ago
I don't understand how this can be faster or more friendly than using Burp.

Would you mind sharing an example flow?

link
bitexploder 3131 days ago
I just like working in terminal. Some things I can do faster in mitmproxy (filtering with lots of constraints, shooting response or request data to a pipe). It has a mutt like interface so if mutt seems fast and intuitive then mitmproxy will feel similar. I have spent a lot of years thrashing around in the Burp GUI and mostly I don't need all the features all the time :)

Things that are a few clicks in Burp are a few terse keystrokes or key presses in mitmproxy. IDK, give it a shot and see if it makes sense . Most of our team just sticks with Burp FWIW.

link