Recently I needed to view the full HTTP GET and POST methods for a Python application hosted on a headless server. I ended up using a tool called mitmproxy. This post will cover getting mitmproxy set up on a Linux server and viewing the HTTP GET/POST requests on your local machine via a web interface.
Prerequisite
You will need Python 3.6 and screen
yum install -y https://centos7.iuscommunity.org/ius-release.rpm
yum update
yum install -y python36u python36u-libs python36u-devel python36u-pip screen
Setup
You will need to install mitmproxy
python36 -m ensurepip --default-pip
python36 -m pip install mitmproxy
Running mitmproxy
I recommend running mitmproxy in a screen session so that it keeps running after you log off.
Start screen session
screen -S mitm
Start mitmproxy web
Start mitmproxy by running mitmweb. By default the web interface listens on 127.0.0.1:8081.
mitmweb
result:
Web server listening at http://127.0.0.1:8081/
No web browser found. Please open a browser and point it to http://127.0.0.1:8081/
Proxy server listening at http://*:8080
127.0.0.1:43746: clientconnect
127.0.0.1:43746: clientdisconnect
127.0.0.1:54664: clientconnect
Detach Screen
Now that you have mitmproxy running, you should detach the screen with the following key combination:
WHILE HOLDING CTRL, PRESS A and then D
output:
[detached from 28475.mitm]
Reattaching screen
Determine which screen mitm is on:
screen -list
Reattach the screen
screen -r 28475.mitm
Modifying your ssh config to tunnel traffic
Edit file ~/.ssh/config
# "foo" is the "friendly" name of your server
Host foo
    # ssh user
    User foo
    # IP address of server
    Hostname 10.1.1.10
    # prevent terminal messages about socket connection errors
    LogLevel QUIET
    # forward remote socket 127.0.0.1:8081 (remote machine)
    # to local socket 127.0.0.1:40081 (your machine)
    LocalForward 40081 localhost:8081
    # key file used to ssh to server
    IdentityFile ~/.ssh/bar.pem
SSH to server
Now you can run the following command to ssh to the friendly name of your server
ssh foo
Configure Server to use Proxy
Refer to your OS-specific documentation here. You should set applications or the OS to use 127.0.0.1:8080 as the proxy.
View mitmproxy website
This will allow you to see the captured traffic. Using a web browser on your local machine, open http://127.0.0.1:40081