
mitmproxy for fun and profit Interception and Analysis of Ap...#2107

Open
carlospolop wants to merge 1 commit into master from
update_mitmproxy_for_fun_and_profit__Interception_and_Ana_20260408_192020

Conversation

@carlospolop
Collaborator

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

🎯 Content Summary

Title / context
Synacktiv provides a hands-on, multi-platform guide to intercepting, analyzing, modifying, and replaying application traffic with mitmproxy (Python-based, open-source). The post focuses on three practical interception scenarios:
1) Linux lab interception using network namespaces + Wi‑Fi AP + firewall redirection (transparent MITM).
2) Android HTTPS/gRPC interception and protobuf req...

🔧 Technical Details

Transparent MITM lab using Linux network namespaces + Wi‑Fi AP + NAT redirect: Create an isolated interception environment with ip netns add and run tooling inside it with ip netns exec. Move lo and the Wi‑Fi interface (e.g., wlan0) into the namespace, then create an access point with lnxrouter (also provides routing and DHCP). Force client traffic through the proxy by adding nftables NAT prerouting redirect rules for TCP/80 and TCP/443 to the mitmproxy transparent port (and optionally UDP/53 for DNS), with an exclusion on the proxy’s own IP to avoid loops. This enables interception without configuring the client (transparent mode) and relies on TLS ClientHello SNI for dynamic certificate forging.

HTTP path rewriting to swap Git repositories during git clone (supply-chain MITM pattern): When a victim uses an attacker-controlled prox...

🤖 Agent Actions

I’m mapping the repo first, then I’ll read the most relevant methodology and mobile/network pages to find a single correct insertion point and avoid duplicating existing mitmproxy coverage.
I’ve got the candidate areas narrowed to pentesting-network, mobile-pentesting, and a few protocol-specific pages. Next I’m checking existing mitmproxy/protobuf/gRPC coverage to avoid adding a redundant page.
I’ve confirmed HackTricks already covers Android CA trust, APK repacking, and gRPC-Web framing, but not the combination this blog adds: namespace-based transparent MITM, raw gRPC/protobuf tampering in mitmproxy, and reverse TLS interception of non-HTTP protobuf over TCP. I’m checking a few more narrowly related pages before choosing the single target file.
The best fit is the generic network methodology page, not the Android/iOS setup pages. It can absorb the reusable interception techniques without scattering the same material across mobile docs.
I’ve confirmed the delta against existing docs. I’m updating pentesting-network/README.md with a focused interception section that keeps the blog’s novel material in one place: transparent MITM labs, smart-HTTP rewriting, gRPC/protobuf frame tampering, and reverse TLS for raw TCP protocols.
The content is in place. I’m doing a second pass now to make sure the insertion is stylistically consistent and to add only the references actually used at the end of the same file.
I’ve added the references and I’m verifying the final diff now to ensure the page ends cleanly and the new section stays scoped to one file only.
Updated README.md with a new mitmproxy interception section under network sniffing. I kept it in a single file and focused on the reusable techniques from the blog that were missing from HackTricks: transparent interception with namespaces + nftables, Git smart-HTTP path rewriting, raw gRPC/protobuf frame tampering, and reverse:tls for non-HTTP TLS protocols over TCP.

I did not create a new page because the material fits better as network interception methodology than as Android/iOS-only setup notes, and the repo already had separate coverage for CA trust, SSL pinning bypasses, and gRPC-Web. I also appended the Synacktiv blog and relevant tool references at the end of the same file.

Verification: checked the final diff and confirmed the change is limited to that one file.


This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.
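The namespace-plus-nftables lab summarized under "Technical Details" above, as an added example that is not code from the Synacktiv post, this PR, or HackTricks. It generates the NAT prerouting ruleset (TCP/80 and TCP/443 arriving on the access-point interface inside the namespace redirected to mitmproxy's transparent port, with the proxy's own address excluded first so traffic sent to the proxy host is not redirected into the proxy) and checks a ruleset file for that exclusion before it is loaded. The interface name, address, ports and the table name `mitm` are placeholders chosen here; the optional DNS redirect port is an assumption, since the post only says UDP/53 redirection is optional.

```shell
#!/bin/sh
# Added example, not code from the Synacktiv post, this PR, or HackTricks.
# Builds the nftables NAT ruleset for the transparent lab described above and
# checks a ruleset file for the proxy-IP exclusion before it is loaded.
# Interface, address and port values are caller-supplied placeholders; the
# table name "mitm" is an assumption.

# emit_ruleset IFACE PROXY_IP PROXY_PORT [DNS_PORT]
# Writes the ruleset to stdout. DNS_PORT is optional: when given, UDP/53 is
# redirected too (the post mentions this as optional; the port is assumed).
emit_ruleset() {
  iface=$1; proxy_ip=$2; proxy_port=$3; dns_port=$4
  printf 'table ip mitm {\n'
  printf '  chain prerouting {\n'
  printf '    type nat hook prerouting priority dstnat; policy accept;\n'
  # Exclusion first: anything addressed to the proxy host itself passes untouched.
  printf '    iifname "%s" ip daddr %s return\n' "$iface" "$proxy_ip"
  printf '    iifname "%s" tcp dport { 80, 443 } redirect to :%s\n' "$iface" "$proxy_port"
  if [ -n "$dns_port" ]; then
    printf '    iifname "%s" udp dport 53 redirect to :%s\n' "$iface" "$dns_port"
  fi
  printf '  }\n'
  printf '}\n'
}

# check_ruleset FILE PROXY_IP
# Returns 0 when the file has a redirect rule and the proxy-IP exclusion,
# 1 when no redirect rule is present, 2 when the exclusion is missing
# (the mistake the post's loop-avoidance rule is there to prevent).
check_ruleset() {
  file=$1; proxy_ip=$2
  if ! grep -q 'redirect to :' "$file"; then
    echo "check_ruleset: no redirect rule in $file" >&2
    return 1
  fi
  if ! grep -q "ip daddr $proxy_ip return" "$file"; then
    echo "check_ruleset: missing exclusion for $proxy_ip in $file" >&2
    return 2
  fi
  return 0
}

# Example usage (run inside the lab namespace, as root):
#   emit_ruleset wlan0 10.0.0.1 8080 > /tmp/mitm.nft
#   check_ruleset /tmp/mitm.nft 10.0.0.1 && nft -f /tmp/mitm.nft
```

The ruleset is written to a file and validated rather than applied directly so the check can run on any host; loading it is the last step and is done with `ip netns exec <ns> nft -f` against the namespace the post describes.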

@carlospolop
Collaborator Author

🔗 Additional Context

Original Blog Post: https://www.synacktiv.com/en/publications/mitmproxy-for-fun-and-profit-interception-and-analysis-of-application-traffic.html

Content Categories: Based on the analysis, this content was categorized under "Generic Methodologies & Resources -> Pentesting Network (or Pentesting Web Methodology) : add a mitmproxy advanced usage page (transparent mode with nftables, namespaces) and/or cross-link from Mobile Pentesting (Android/iOS) for gRPC/protobuf and reverse:tls non-HTTP interception".

Repository Maintenance:

  • MD Files Formatting: 972 files processed

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0
