Tool for finding out what information your apps are leaking

mitmproxy, "an SSL-capable man-in-the-middle proxy," is a useful little free software utility that can sniff the traffic between your computer or mobile device and its servers and determine what data the apps you're running are leaking to the mothership.

mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

mitmdump is the command-line version of mitmproxy, with the same functionality but without the frills. Think tcpdump for HTTP.

* Intercept and modify HTTP traffic on the fly
* Save HTTP conversations for later replay and analysis
* Replay both HTTP clients and servers
* Make scripted changes to HTTP traffic using Python
* SSL interception certs generated on the fly

mitmproxy (via O'Reilly Radar)


  1. You should definitely also check out Charles. It’s not free, but worth every penny. Here’s a tutorial showing how to proxy your iPhone through Charles running on a Mac:

  2. While it’s always great to have a free tool like this, I’m surprised at how many people seem to not realize that tools that could accomplish these things have been available for some time.
    The one I really like is a pay for app called Charles Proxy, but it has a trial version that just has time limits on its use. In my opinion it’s a lot more user friendly than mitmproxy and well worth the cost, but I can see how somebody look for a free alternative would like mitmproxy.

  3. This looks like a fantastic tool for developing apps that interface with websites, too. Friendly apps, or course. The naughty developers have had this stuff for years.

    I wonder if anyone knows of similar tools for examining other kinds of traffic they might be using, like telnet?

  4. This is great, but I would need something for luddites. One look at that command line had me running away holding my earlobes. I find it odd that now phones are too complicated for the average person to understand.

  5. Mac users do this for years using Little Snitch. It allows to configure precisely which application is allowed to go through, and which trigger a dialogue where you can either allow or deny internet connection. Great tool, little price. (No I don’t work for them).

    @robdobbs: This one is really simple to set up. No command line stuff.

    1. I’ve been a happy user of LittleSnitch for years, but it has its shortcomings. One of which is that it doesn’t give you any data on what is being communicated, only what’s connected to. That said, I highly recommend it if you’re even slightly of the paranoid bent.

  6. It’s a great promise, but am I wrong in thinking a smart bit of spyware could easily bypass the proxy settings entirely?

  7. Useful tool. I think something deeper is needed to capture traffic over 3G, though.  I’ve got something misbehaving and using ~250M of 3G data on my iPhone in a period of 3-4 hours overnight: even when connected to a wifi network.

Comments are closed.