MITMProxy is a popular open source Python-based HTTP(S) interception proxy. The developers have recently added a web-based front-end to supplement the existing ncurses console GUI. This talk will focus on work that I have done to bring a plugin architecture to the web front-end, allowing existing and new MITMProxy scripts to be configured and triggered through the browser. Two types of plugins have been added: view-only transformations, and "action" transformations with options affecting the data traveling across the wire. This gives MITMProxy users more capabilities in terms of manipulating and visualizing intercepted HTTP(S) traffic, using application or domain-specific plugins. I will show how this plugin architecture can be used in practice via an example of cheating at a popular mobile word puzzle game. There will also be a brief discussion of other interesting plugins and next steps.
Chris Czub is an information security engineer on Duo Security's Corporate Security team where he helps keep their employee endpoints and servers monitored and safe.
Wednesday August 5, 2015 15:30 - 15:55 PDT
Proving GroundFlorentine E
